
dc.contributor.advisor: Emer, Joel S.
dc.contributor.advisor: Yan, Mengjia
dc.contributor.author: Na, Weon Taek
dc.date.accessioned: 2023-07-31T19:49:33Z
dc.date.available: 2023-07-31T19:49:33Z
dc.date.issued: 2023-06
dc.date.submitted: 2023-07-13T14:26:11.799Z
dc.identifier.uri: https://hdl.handle.net/1721.1/151572
dc.description.abstract: Modern systems are becoming increasingly complex, exposing a large attack surface with vulnerabilities in both software and hardware. In the software layer, memory corruption vulnerabilities can be exploited by attackers to alter the behavior of, or take full control of, a victim program. In the hardware layer, microarchitectural side channel vulnerabilities can be exploited to leak arbitrary data within the victim program's address space. Today, it is common for security researchers to explore software and hardware vulnerabilities separately, considering the two classes of vulnerability under two disjoint threat models. This thesis studies the synergies that arise at the convergence of the two threat models. In particular, this thesis first presents PACMAN, a novel attack methodology that leverages speculative execution attacks to circumvent ARM Pointer Authentication, a critical memory safety feature in many state-of-the-art ARM processors. The key insight of the PACMAN attack is that PAC verification results can be leaked via microarchitectural side channels while suppressing crashes. The PACMAN attack removes the primary barrier to conducting control-flow hijacking attacks on a platform protected by ARM Pointer Authentication. Moreover, we show that the PACMAN attack works across privilege levels, meaning that we can attack the operating system kernel as an unprivileged user in userspace. The discovery of the PACMAN attack therefore calls for a drastic re-evaluation of all memory corruption mitigations under a synergistic threat model: a threat model that encompasses both the memory corruption threat model and the side channel threat model. Driven by this need, the thesis next presents Penetrating Shields, a systematic analysis of memory corruption mitigations from both academia and industry. We start by systematizing a taxonomy of the state-of-the-art memory corruption mitigations, focusing on hardware-software co-design defenses. This taxonomy helps us to identify 10 likely vulnerable defense schemes out of the 20 schemes that we analyze. Next, we develop a graph-based model to analyze the 10 likely vulnerable defenses and reason about possible countermeasures. Finally, we present three proof-of-concept attacks targeting an already-deployed mitigation mechanism and two state-of-the-art academic proposals.
dc.publisher: Massachusetts Institute of Technology
dc.rights: In Copyright - Educational Use Permitted
dc.rights: Copyright retained by author(s)
dc.rights.uri: https://rightsstatements.org/page/InC-EDU/1.0/
dc.title: Circumventing Memory Corruption Mitigations in the Spectre Era: Real-World Attacks and Systematic Analysis of Defenses
dc.type: Thesis
dc.description.degree: S.M.
dc.contributor.department: Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science
dc.identifier.orcid: 0000-0002-1303-2461
mit.thesis.degree: Master
thesis.degree.name: Master of Science in Electrical Engineering and Computer Science

