To safeguard hardware, eliminate incriminating code hints
Picture yourself as a secretive chef with a palate-pleasing recipe: you pen your top-secret instructions in a journal for safekeeping. But unlike your worn-out cookbook, computer memory doesn't sport visible clues about where a program's instructions are squirreled away.
Standard practice, a technique known as "address space layout randomization" (ASLR), scatters these treasured code pieces around the computer's physical memory. Yet smarter hackers are now on the prowl, using tricks called microarchitectural side attacks to home in on these locations. By checking which memory areas are frequently used, they can find the code and then use it to expose passwords and make systemic changes without raising a red flag. This sneaky tactic is known as a code-reuse attack.
To beef up ASLR's defenses, researchers from the Massachusetts Institute of Technology (MIT) have whipped up an innovative concoction dubbed "Oreo." Much like its delectable namesake, Oreo has three layers, designed to hide the telltale traces of program code gadgets (short instruction sequences for specific tasks) from prying eyes. The hiding takes place before execution within the hardware, making it a hassle for hackers to trace a program's original location in the virtual address space through hardware attacks.
Shixin Song, an MIT PhD student in electrical engineering and computer science, is the lead author of a paper detailing Oreo's workings. According to Song, "We got the idea to structure it in three layers from Oreo cookies." The middle layer, reminiscent of the white filling in an Oreo, essentially scours away all traces of gadget locations before they tumble into unwelcome hands. Mengjia Yan, an MIT associate professor and CSAIL principal investigator, believes that Oreo's masking abilities could bolster ASLR's security and dependability.
ASLR has been utilized in operating systems like Windows and Linux, but its defenses have recently shown signs of wear and tear. The researchers aim to resuscitate ASLR in modern systems to safeguard against microarchitecture attacks. To achieve this, they've concocted a software-hardware integration mechanism that stops secret offsets (clues about gadget locations) from seeping out.
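What a "secret offset" amounts to, as an added example that is not from the Oreo paper or the original article: ASLR moves a whole program image by one per-run value, so the layout relative to the load base is the same in every run and the base is the only secret. The two `/proc/<pid>/maps` excerpts and the path `/usr/bin/demo` are constructed sample data.

```python
# Constructed /proc/<pid>/maps excerpts: two runs of a hypothetical /usr/bin/demo.
RUN_A = """\
55d0c1a00000-55d0c1a02000 r--p 00000000 08:01 131 /usr/bin/demo
55d0c1a02000-55d0c1a09000 r-xp 00002000 08:01 131 /usr/bin/demo
55d0c1a09000-55d0c1a0c000 rw-p 00009000 08:01 131 /usr/bin/demo
7ffc2b1e0000-7ffc2b201000 rw-p 00000000 00:00 0 [stack]
"""
RUN_B = """\
5623f4400000-5623f4402000 r--p 00000000 08:01 131 /usr/bin/demo
5623f4402000-5623f4409000 r-xp 00002000 08:01 131 /usr/bin/demo
5623f4409000-5623f440c000 rw-p 00009000 08:01 131 /usr/bin/demo
7ffe90c4f000-7ffe90c70000 rw-p 00000000 00:00 0 [stack]
"""
DEMO = "/usr/bin/demo"  # assumed module name for this example

def parse_maps(text):
    """Parse /proc/<pid>/maps lines into dicts with integer addresses."""
    rows = []
    for line in text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue  # skip blank or truncated lines
        start, end = (int(x, 16) for x in parts[0].split("-"))
        path = parts[5] if len(parts) == 6 else ""
        rows.append({"start": start, "end": end, "perms": parts[1], "path": path})
    return rows

def load_base(rows, path):
    """Lowest mapped address of the module: the value ASLR randomizes."""
    starts = [r["start"] for r in rows if r["path"] == path]
    if not starts:
        raise ValueError(f"{path} is not mapped")
    return min(starts)

def relative_layout(rows, path):
    """Segments expressed as offsets from the load base."""
    base = load_base(rows, path)
    return [(r["start"] - base, r["end"] - base, r["perms"])
            for r in rows if r["path"] == path]

def compare_runs(text_a, text_b, path=DEMO):
    """Report the per-run slide and whether the relative layout changed."""
    a, b = parse_maps(text_a), parse_maps(text_b)
    slide = load_base(b, path) - load_base(a, path)
    return {"slide": slide, "page_aligned": slide % 4096 == 0,
            "same_layout": relative_layout(a, path) == relative_layout(b, path)}

if __name__ == "__main__":
    print(compare_runs(RUN_A, RUN_B))
```

Since `same_layout` is true for both runs, any disclosure of a single code address gives away the position of every other instruction in the module, which is why defenders treat address leaks as a loss of ASLR's protection.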
The MIT researchers will divulge their Oreo findings soon at the Network and Distributed System Security Symposium. Preliminary tests suggest that Oreo can thwart microarchitectural side attacks without hampering the software it protects. According to Song, Oreo introduces only minimal hardware changes while having little impact on software performance. This efficiency makes it a worthwhile security boost for page-table-based virtual memory systems like Linux, and it can also be applied to major platforms such as Intel, AMD, and Arm.
Although Oreo adds an extra layer of secrecy by scrubbing away revealing bits of data before execution, it won't slow down applications much, if at all. As Song puts it, "Oreo is a lightweight security upgrade for operating systems." In the future, the team plans to develop defenses against speculative execution attacks, famous for their role in the Meltdown/Spectre debacles of 2018.
To fend off speculative execution attacks, Oreo will need to join forces with other security measures, such as Spectre mitigations. While this could potentially limit its applicability, Song and Yan are enthusiastic about exploring its use across a broader range of applications, including the protection of critical crypto libraries commonly used to safeguard information across networks and cloud storage.
- Graduate students, especially those in electrical engineering and computer science, are essential in the research and development of new cybersecurity technologies, like MIT's Oreo, designed to protect against microarchitectural side attacks.
- Advancements in data-and-cloud-computing technology require continuous research and innovation in engineering and science to improve security measures, such as the integration of software and hardware in systems like Oreo.
- ASLR (Address Space Layout Randomization) is a security technique used in operating systems like Windows and Linux, which can be improved and reinforced with innovative solutions like Oreo to ensure the safety of sensitive information, such as passwords and system configurations, in space technology research.
- The integration of Oreo in major platforms like Intel, AMD, and Arm could significantly enhance the security of undergraduate and graduate engineering programs, protecting them from potential cyber attacks in various fields like space exploration, cybersecurity, and technology development.
- By masking revealing bits of data before execution and introducing minimal hardware changes, Oreo functions as a lightweight security upgrade for page-table-based virtual memory systems and can be applied to protect critical crypto libraries used in science, technology, and modern cloud storage systems.