ETD system

Electronic theses and dissertations repository


Tesi etd-11212018-174046

Thesis type
Tesi di laurea magistrale
email address
Hypervising of hardware-based control flow integrity for ARM platforms
Corso di studi
relatore Prof. Buttazzo, Giorgio C.
relatore Dott. Biondi, Alessandro
tutor Ing. Cicero, Giorgiomaria
Parole chiave
  • embedded systems
  • ARM
  • hypervisor
  • security
  • virtualization
  • Trustzone
Data inizio appello
Secretata d'ufficio
Data di rilascio
Riassunto analitico
Embedded systems are being adopted in applications requiring mixed levels of criticality and security, thus making them more susceptible to malicious cyber attacks. Due to resource constraints, classical IT solutions cannot be typically implemented on embedded platforms. Moreover, since the programming languages mostly used for these systems are unsafe by construction, code injection attacks and/or code reuse attacks (CRAs) become
more feasible. Although code injection attacks can be mitigated, CRAs, such as return-oriented programming (ROP) and jump-oriented programming (JOP), can still succeed.
Control-Flow Integrity (CFI) is one of the most used family of techniques to prevent CRAs by monitoring the execution flow of the program.
This thesis focuses on a hardware-based CFI solution, provided by the ARMv8.3-A architecture, namely Pointer Authentication Code (PAC), and investigates on the possible approaches to integrate said technique with virtualization mechanisms, at the aim to safely managing and monitoring it.
Pointer Authentication technique prevents control flow hijacking by protecting the integrity of code pointers at run-time by means of short Message Authentication Codes (MAC).
This code is embedded into each pointer and used for verifying its integrity before usage.

In particular, this work aims at (i) leveraging the hardware-based isolation offered by the ARM TrustZone
technology to achieve a successful key management, (ii) providing an attack detection allowing application-dependent reactions, and (iii) emulating the behaviour of PAC via software and/or hardware accelerations for architectures that do not dispose of hardware-based supports for CFI.

The implementation and the investigations carried out during this work revealed interesting insights but also crucial limitations. It emerged that the Armv8.3-A architecture allows hypervising PAC with limited effort thanks to the available hardware-based support, while detecting an attack is hard to realize without introducing non-trivial run-time overhead.
Finally, emulate the behaviour of PAC via software leads to performance degradation when adopting.