Background
The objective of this internal research project was to investigate a potential method for providing hardware-level support for mitigating code injection vulnerabilities in software, and to demonstrate the capability on field-programmable gate array (FPGA) hardware. “Code injection” refers to a class of software vulnerabilities which allow an attacker to send malicious code to a target for execution, allowing for arbitrary operations on the underlying system. The typical mitigation strategy for this vulnerability is input sanitization, but this process is error-prone, and the stakes are high. In just the wrong place, even a single point of failure can cascade until malicious actors gain unfettered control of a vulnerable system. By contrast, a simple instruction set architecture (ISA)-level mechanism for tracking inputs can reduce the risk associated with this vulnerability by allowing system software to efficiently detect and prevent code injection attempts, all invisibly to applications, and with very little modification to existing software. This concept deviates from existing secure central processing unit (CPU) designs, which focus on other problem domains and offer no mitigations against code injection attacks.
Approach
To demonstrate injection mitigation at the hardware level, the first step was to develop a module which maintains an efficient record structure for known unsafe memory regions. The research team explored potential solutions by using high-level synthesis (HLS) techniques to iteratively develop and test a custom algorithm for this purpose. Using the latency and resource utilization info provided by the tool, each iteration’s efficacy was assessed with respect to the constraints imposed by CPU integration and FPGA implementation. With a module design in place, remaining efforts focused on selecting a suitable CPU to integrate with, performing the integration, and developing demonstration software to run on the integrated platform. The CPU selected for integration was an embedded design (as opposed to general-purpose) with a co-processor interface for implementing non-branching instructions. This interface allows the memory tracker module to be integrated in a straightforward manner using a simple wrapper module, developed using the Verilog hardware description language (HDL). Finally, modifications to the testbench and test firmware of the original CPU design allowed the research team to implement a randomized stress test for validation purposes, as well as a simple demo application to show how the integration would be leveraged in a real system.
Accomplishments
While this project is still in progress, a demonstration of the module’s intended effect on security has already proven successful on one CPU design. In its default configuration, the memory tracker module manages 65,536 ranges with a 5-10 cycles of lookup latency. Over the remaining duration of the project, work is underway to produce an interactive demo on a much more capable processor, which can be programmed into FPGA hardware and run a full operating system (OS).