Background
The objective of this internal research (IR) project was to investigate a potential method for providing hardware-level support for mitigating code injection vulnerabilities in software, and to demonstrate the capability on field-programmable gate array (FPGA) hardware. “Code injection” refers to a class of software vulnerabilities which allow an attacker to send malicious code to a target for execution, allowing for arbitrary operations on the underlying system. The typical mitigation strategy for this vulnerability is input sanitization, but this process is error-prone, and even a single point of failure can be escalated to gain control of a vulnerable system. By contrast, a simple instruction set architecture (ISA)-level mechanism for tracking the locations of inputs in memory can reduce the risk associated with this vulnerability by allowing system software to efficiently detect and prevent code injection attempts. Further, this mechanism would provide protection invisibly at the application level, and with very little modification to existing systems software. This concept deviates from existing secure central processing unit (CPU) designs, which have instead focused on other problem domains and offer no mitigations against code injection attacks.
Approach
To demonstrate injection mitigation at the hardware level, the first step was to develop a module which maintains an efficient record structure for memory regions known to be at risk of containing malicious inputs. The research team explored potential solutions by using high level synthesis (HLS) tools to iteratively develop and test custom hardware algorithms for this purpose. Using the latency and resource utilization information provided by the tool, each iteration’s efficacy was assessed with respect to the constraints imposed by CPU integration and FPGA implementation. With a module design finalized, efforts proceeded by selecting a suitable CPU to integrate with, performing the integration, and developing demonstration software to run on the integrated platform. The first CPU selected for integration was an embedded design with a co-processor interface for implementing non-branching instructions. This interface allowed for efficient integration of the memory tracker module, as well as a simple ISA extension. Modifications to the hardware testbench and firmware of the original CPU design allowed the research team to implement a randomized stress test for validation purposes, as well as a simple application to demonstrate how the integration would be leveraged in a real system. Remaining work focused on repeating the demonstration on a general-purpose processor design.
Accomplishments
The memory tracker module was successfully validated on one CPU design, with another close behind. Software running on the modified system proved the concept’s efficacy by detecting and preventing code injection attempts against a vulnerable application. The final hardware design can maintain a record of up to 65,536 non-overlapping memory ranges with 5-10 cycles of lookup latency and is configurable to meet a variety of resource usage, latency, and clock frequency requirements. Additionally, patterns discovered during CPU integration efforts were documented to assist with future developments in this area.
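As an added software model, not the project's own HLS module or ISA extension, the C sketch below shows the kind of record structure such a tracker keeps: a sorted table of non-overlapping address ranges that system software marks as holding untrusted input, merged on insertion, with a binary-search lookup of the kind an instruction fetch would consult before executing from that address. The table capacity, half-open range encoding, fetch-time refusal and the sample buffer addresses are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed capacity for the demo; the hardware design scales to 65,536 entries. */
#define TRACKER_CAPACITY 16

typedef struct { uint32_t start, end; } range_t;          /* half-open [start, end) */
typedef struct { range_t r[TRACKER_CAPACITY]; size_t n; } tracker_t;

void tracker_init(tracker_t *t) { memset(t, 0, sizeof *t); }

/* Mark [start,end) as holding untrusted input. Any ranges it overlaps or
 * touches are absorbed so the table stays sorted and non-overlapping.
 * Returns false for an empty range or when the table is full. */
bool tracker_mark(tracker_t *t, uint32_t start, uint32_t end) {
    if (start >= end) return false;
    size_t i = 0, j;
    while (i < t->n && t->r[i].end < start) i++;          /* skip ranges entirely below */
    for (j = i; j < t->n && t->r[j].start <= end; j++) {  /* absorb every touching range */
        if (t->r[j].start < start) start = t->r[j].start;
        if (t->r[j].end > end) end = t->r[j].end;
    }
    size_t removed = j - i;
    if (removed == 0 && t->n == TRACKER_CAPACITY) return false;
    memmove(&t->r[i + 1], &t->r[j], (t->n - j) * sizeof(range_t));
    t->r[i].start = start; t->r[i].end = end;
    t->n = t->n - removed + 1;
    return true;
}

/* Binary search over the sorted table: is addr inside tracked input memory? */
bool tracker_contains(const tracker_t *t, uint32_t addr) {
    size_t lo = 0, hi = t->n;
    while (lo < hi) {
        size_t mid = lo + (hi - lo) / 2;
        if (addr < t->r[mid].start) hi = mid;
        else if (addr >= t->r[mid].end) lo = mid + 1;
        else return true;
    }
    return false;
}

/* Fetch-time check: execution from tracked input memory is refused (assumed policy). */
bool fetch_allowed(const tracker_t *t, uint32_t pc) { return !tracker_contains(t, pc); }

/* Constructed scenario: two input buffers, one of them extended by a second read. */
int demo_blocked_fetches(void) {
    tracker_t t; tracker_init(&t);
    tracker_mark(&t, 0x1000, 0x1100);   /* receive buffer (constructed address) */
    tracker_mark(&t, 0x10f0, 0x1200);   /* overlapping second read, merged into one */
    tracker_mark(&t, 0x3000, 0x3040);   /* copied argument string (constructed) */
    uint32_t pcs[] = { 0x0400, 0x1080, 0x11ff, 0x1200, 0x3010 };
    int blocked = 0;
    for (size_t i = 0; i < 5; i++) if (!fetch_allowed(&t, pcs[i])) blocked++;
    return blocked;                      /* 3: 0x1080, 0x11ff and 0x3010 are tracked */
}
```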