ZeRØ: Zero-Overhead Resilient Operation Under Pointer Integrity Attacks
pdf
ABSTRACT
Most end users want security but do not want the inconvenience of having it: they do not want their batteries drained, or apps slowed, or to be bothered with updates and crashes. This is the unfortunate reality that sends novel security techniques with even minor performance overheads to the crypt of great security ideas. Techniques that have been mass deployed in hardware (e.g., W^X and SMEP/SMAP) are the ones that have close to zero overheads. Even techniques like ARM's Pointer Authentication (PAC) --- which does have significant overhead when applied fully --- is applied partially to only protect code pointers, and only to the kernel to keep the overheads small.
Thus, low performance overhead and convenience are key to widespread adoption of security techniques. In this talk, I will describe ZeRØ, a hardware primitive for resilient operation when pointers are targeted with zero overhead. ZeRØ enforces code and data pointer integrity with minimal metadata. ZeRØ incurs 0% performance degradation compared to 14% for the state-of-the-art ARM PAC when applied to its full extent. ZeRØ matches or offers better security guarantees than ARM’s PAC and Intel’s CET. Moreover, our hardware measurements show that ZeRØ can be implemented with minimal latency/area/power overheads.
BIO
Mohamed Tarek is a PhD Candidate and Graduate Research Assistant at the Computer Science Department at Columbia University, advised by Prof. Simha Sethumadhavan. Mohamed’s research interests include systems security, microarchitecture design, and hardware support of security with special focus on memory safety. His work has been recognized with an IEEE Micro Top Pick Honorable Mention among all top-tier Computer Architecture conference papers published in 2019. Mohamed is the recipient of the Qualcomm Innovation Fellowship in 2020 (North America). Mohamed received his B.Sc and M.Sc in Computer Engineering from Ain Shams University, Cairo, Egypt in 2014 and 2017, respectively. Before joining Columbia, Mohamed worked as a teaching assistant in the Department of Computer and Systems Engineering, Ain Shams University, Cairo, Egypt and a part-time Software development engineer at the ESD division, Mentor Graphics Egypt (a Siemens Business). During his M.Sc. studies, Mohamed worked on using homomorphic encryption for secure data computations. More info @ https://www.cs.columbia.edu/~mtarek/
License: CC-2.5
Submitted by Anonymous
on
|
ABSTRACT Most end users want security but do not want the inconvenience of having it: they do not want their batteries drained, or apps slowed, or to be bothered with updates and crashes. This is the unfortunate reality that sends novel security techniques with even minor performance overheads to the crypt of great security ideas. Techniques that have been mass deployed in hardware (e.g., W^X and SMEP/SMAP) are the ones that have close to zero overheads. Even techniques like ARM's Pointer Authentication (PAC) --- which does have significant overhead when applied fully --- is applied partially to only protect code pointers, and only to the kernel to keep the overheads small. |
Thus, low performance overhead and convenience are key to widespread adoption of security techniques. In this talk, I will describe ZeRØ, a hardware primitive for resilient operation when pointers are targeted with zero overhead. ZeRØ enforces code and data pointer integrity with minimal metadata. ZeRØ incurs 0% performance degradation compared to 14% for the state-of-the-art ARM PAC when applied to its full extent. ZeRØ matches or offers better security guarantees than ARM’s PAC and Intel’s CET. Moreover, our hardware measurements show that ZeRØ can be implemented with minimal latency/area/power overheads.
BIO
Mohamed Tarek is a PhD Candidate and Graduate Research Assistant at the Computer Science Department at Columbia University, advised by Prof. Simha Sethumadhavan. Mohamed’s research interests include systems security, microarchitecture design, and hardware support of security with special focus on memory safety. His work has been recognized with an IEEE Micro Top Pick Honorable Mention among all top-tier Computer Architecture conference papers published in 2019. Mohamed is the recipient of the Qualcomm Innovation Fellowship in 2020 (North America). Mohamed received his B.Sc and M.Sc in Computer Engineering from Ain Shams University, Cairo, Egypt in 2014 and 2017, respectively. Before joining Columbia, Mohamed worked as a teaching assistant in the Department of Computer and Systems Engineering, Ain Shams University, Cairo, Egypt and a part-time Software development engineer at the ESD division, Mentor Graphics Egypt (a Siemens Business). During his M.Sc. studies, Mohamed worked on using homomorphic encryption for secure data computations. More info @ https://www.cs.columbia.edu/~mtarek/