Mehmet Kayaalp

Branch regulation: low-overhead protection from code reuse attacks

Code reuse attacks (CRAs) are recent security exploits that allow attackers to execute arbitrary code on a compromised machine. CRAs, exemplified by return-oriented and jump-oriented programming approaches, reuse fragments of the library code, thus avoiding the need for explicit injection of attack code on the stack. Since the executed code is reused existing code, CRAs bypass current hardware and software security measures that prevent execution from data or stack regions of memory. While software-based full control flow integrity (CFI) checking can protect against CRAs, it includes significant overhead, involves non-trivial effort of constructing a control flow graph, relies on proprietary tools and has potential vulnerabilities due to the presence of unintended branch instructions in architectures such as ×86 - those branches are not checked by the software CFI. We propose branch regulation (BR), a lightweight hardware-supported protection mechanism against the CRAs that addresses all limitations of software CFI. BR enforces simple control flow rules in hardware at the function granularity to disallow arbitrary control flow transfers from one function into the middle of another function. This prevents common classes of CRAs without the complexity and run-time overhead of full CFI enforcement. BR incurs a slowdown of about 2% and increases the code footprint by less than 1% on the average for the SPEC 2006 benchmarks.

SCRAP: Architecture for signature-based protection from Code Reuse Attacks

Code Reuse Attacks (CRAs) recently emerged as a new class of security exploits. CRAs construct malicious programs out of small fragments (gadgets) of existing code, thus eliminating the need for code injection. Existing defenses against CRAs often incur large performance overheads or require extensive binary rewriting and other changes to the system software. In this paper, we examine a signature-based detection of CRAs, where the attack is detected by observing the behavior of programs and detecting the gadget execution patterns. We first demonstrate that naive signature-based defenses can be defeated by introducing special “delay gadgets” as part of the attack. We then show how a software-configurable signature-based approach can be designed to defend against such stealth CRAs, including the attacks that manage to use longer-length gadgets. The proposed defense (called SCRAP) can be implemented entirely in hardware using simple logic at the commit stage of the pipeline. SCRAP is realized with minimal performance cost, no changes to the software layers and no implications on binary compatibility. Finally, we show that SCRAP generates no false alarms on a wide range of applications.

A Collaborative and Content Based Event Recommendation System Integrated with Data Collection Scrapers and Services at a Social Networking Site

There are many activities that people prefer/opt out attending and these events are announced for attracting people. An intelligent recommendation system can be used in a social networking site in order to recommend people according to content and collaboration assessment. This study is an effort to recommend events to users within a social networking site. It can be any networking environment. We have used social environment that has been designed as a facebook application. Our application has also been integrated with several web sites. System collects event data from several related web sites either by using web services or web scraping. It also permits users rating events they have attended or planned. Given the social network between people, system tries to recommend upcoming events to users. For this purpose a combination of content based and collaborative filtering has been used. We have also taken geographical location info and social concept of an event.

A mash-up application utilizing hybridized filtering techniques for recommending events at a social networking site

Event recommendation is one way of gathering people having same likes/dislikes. In today’s world, many mass amounts of events are organized at different locations and times. Generally, cliques of people are fans of some specific events. They attend together based on each other’s recommendation. Generally, there are many activities that people prefer/opt out attending and these events are announced for attracting relevant people. Rather than, peer-to-peer oracles of a local group of people, or sentiments of people from different sources, an intelligent recommendation system can be used at a social networking site in order to recommend people in collaborative and content basis within a social networking site. We have used an existing social environment (http://www.facebook.com) for deployment. Our application has also been integrated with several web sites for collecting information for assessment. Our system has been designed in modules so that it is open to new data sources either by using web services or web scraping. Currently, our application is yet an application that permits users rate events; they have attended or have beliefs on them. Given the social network between people, system tries to recommend upcoming events to users. For this purpose, we have exploited the fact that a similarity relationship between different events can exist in terms of both content and collaborative filtering. Geographical locations have an impact so; we have also taken geographical location information and social concept of an event. Eventually, our system integrates different sources in facebook (http://www.facebook.com) for doing recommendation between people in close relationship. We have performed experiments among a group of students. Experiments led us have promising results.

Efficiently Securing Systems from Code Reuse Attacks

Code reuse attacks (CRAs) are recent security exploits that allow attackers to execute arbitrary code on a compromised machine. CRAs, exemplified by return-oriented and jump-oriented programming approaches, reuse fragments of the library code, thus avoiding the need for explicit injection of attack code on the stack. Since the executed code is reused existing code, CRAs bypass current hardware and software security measures that prevent execution from data or stack regions of memory. While software-based full control flow integrity (CFI) checking can protect against CRAs, it includes significant overhead, involves non-trivial effort of constructing a control flow graph, relies on proprietary tools and has potential vulnerabilities due to the presence of unintended branch instructions in architectures such as x86-those branches are not checked by the software CFI. We propose branch regulation (BR), a lightweight hardware-supported protection mechanism against the CRAs that addresses all limitations of software CFI. BR enforces simple control flow rules in hardware at the function granularity to disallow arbitrary control flow transfers from one function into the middle of another function. This prevents common classes of CRAs without the complexity and run-time overhead of full CFI enforcement. BR incurs a slowdown of about 2% and increases the code footprint by less than 1% on the average for the SPEC 2006 benchmarks.

Signature-Based Protection from Code Reuse Attacks

Code Reuse Attacks (CRAs) recently emerged as a new class of security exploits. CRAs construct malicious programs out of small fragments (gadgets) of existing code, thus eliminating the need for code injection. Existing defenses against CRAs often incur large performance overheads or require extensive binary rewriting and other changes to the system software. In this paper, we examine a signature-based detection of CRAs, where the attack is detected by observing the behavior of programs and detecting the gadget execution patterns. We first demonstrate that naive signature-based defenses can be defeated by introducing special “delay gadgets” as part of the attack. We then show how a software-configurable signature-based approach can be designed to defend against such stealth CRAs, including the attacks that manage to use longer-length gadgets. The proposed defense (called SCRAP) can be implemented entirely in hardware using simple logic at the commit stage of the pipeline. SCRAP is realized with minimal performance cost, no changes to the software layers, and no implications on binary compatibility. Finally, we show that SCRAP generates no false alarms on a wide range of applications.

Improving the Soft Error Resilience of the Register Files Using SRAM Bitcells with Built-In Comparators

Soft errors caused by cosmic rays or alpha particles emitted from the packaging material around the chips are becoming an increasingly important challenge in reliable microprocessor design. Transistor density, and die size trends show that soft errors will gain even more importance in the future. Due to their significant overheads, most redundancy schemes are employed where the penalty incurred can be hidden in the pipeline. Most contemporary processors employ a large physical register file to hold the produced results which may reside there for a long time. The register file is a critical element of a microprocessor and is needed to be protected against soft errors. In this paper we propose an SRAM bitcell design with ability to hold a redundant copy of the data and compare the copies with built-in comparators to detect a possible mismatch. Our experimental results show that the proposed design has 34% area, 7.9% power 2% delay overheads which are further reducible and can protect the register file against Silent Data Corruption (SDC).

Dynamic register file partitioning in superscalar microprocessors for energy efficiency

Register file is one of the vital and energy consuming parts inside microprocessor. Many studies show that it is one of the hot spots on the chip. It is also observed by many researchers that many of the produced values in a processor are narrow. By using the narrow values, register files can store fewer bits and may be designed to need less static and dynamic energy. In this paper we propose a register file design that stores data in narrow value groups and values are written to those groups according to their widths. Size of narrow value groups can be set dynamically according to the behavior of the program while having the same performance. We show that the register file which has dynamically changing narrow value groups offers static and dynamic energy savings in the register file up to 65% with negligible performance loss.

Exploiting inactive rename slots for detecting soft errors

Register renaming is a widely used technique to remove false data dependencies in superscalar datapaths. Rename logic consists of a table that holds a physical register mapping for each architectural register and a logic for checking intra-group dependencies. This logic checking consists of a number of comparators that compares the values of destination and source registers. Previous research has shown that the full capacity of the dependency checking logic is not used at each cycle. In this paper we propose some techniques that make use of the unused capacity of the dependency checking logic of the rename stage in order to detect soft errors that occur on the register tags while the instructions are passing through the frontend of the processor.