Architectural techniques for protecting systems against emerging attacks

Recently emerged attacks have been shown to bypass the security mechanisms present in current computing systems. Code reuse attacks (CRAs) are able to circumvent the executable space protection mechanisms, while cache-based side channel attacks (CBSCAs) can steal secrets across isolation boundaries. New security mechnanisms that prevent these attacks while introducing minimal overhead are needed. This dissertation discusses CRAs, CBSCAs, presents several architectural protection techniques, and demonstrates their efficiency.;Code reuse attacks (CRAs) are recent security exploits that allow attackers to execute arbitrary code on a compromised machine. The CRAs, exemplified by return-oriented and jump-oriented programming approaches, reuse fragments of the library code, thus avoiding the need for explicit injection of attack code on the stack. Since the executed code is valid existing code, the CRAs are able to bypass current hardware and software security measures that prevent execution from writable pages of memory, such as data and stack regions. In this dissertation, we propose two lightweight hardware-supported approaches for protecting against CRAs, namely BR (Branch Regulation) and SCRAP (Signature-Based Protection from CRAs).;BR enforces simple control flow rules in hardware at the function granularity to disallow arbitrary control flow transfers from one function into the middle of another function. BR incurs negligible slowdown and increases in the code footprint. The function bounds information needed for BR can be simply derived from the binary without requiring the source code.;SCRAP is a software-configurable signature-based approach that can be designed to detect CRAs by observing the behavior of programs and detecting the gadget execution patterns. SCRAP can be implemented entirely in hardware using simple logic at the commit stage of the pipeline. SCRAP is realized with minimal performance cost, no changes to the software layers and no implications on binary compatibility. SCRAP can detect attacks that are able to bypass previous signature-based protection mechanisms, without generating any false alarms on a wide range of applications.;Cache-based side channel attacks (CBSCAs) exploit the fact that cache accesses performed by one process affects the state of hardware caches, in a way that can be partially observed by another process that shares the same cache. In some ciphers, the cache sets accessed during the cryptographic operation are related to the secret key. By measuring the difference in access latencies, an attacker can figure out the access pattern of the victim, and steal the key. In this dissertation, we present PP-RP---an improved CBSCA on the last-level cache (LLC) that relaxes the some of the restrictions in previous attacks.;We also present NIRO (Non-Inclusive Read-Only) cache for eliminating attacks that exploit the inclusive cache hierarchies. NIRO cache mitigates the side channel of the LLC by relaxing the inclusiveness property for read-only data, preventing the attacker from replacing the victim's data from the local core caches. We show that NIRO caches provide security, while at the same time improves performance and retains the snoop filtering capabilities of inclusive hierarchies.