Search Icon
Register

CCTAG: Configurable and Combinable Tagged Architecture

Zhanpeng Liu (Peking University), Yi Rong (Tsinghua University), Chenyang Li (Peking University), Wende Tan (Tsinghua University), Yuan Li (Zhongguancun Laboratory), Xinhui Han (Peking University), Songtao Yang (Zhongguancun Laboratory), Chao Zhang (Tsinghua University)

Memory safety violations are a significant concern in real-world programs, prompting the development of various mitigation methods. However, existing cost-efficient defenses provide limited protection and can be bypassed by sophisticated attacks, necessitating the combination of multiple defenses. Unfortunately, combining these defenses often results in performance degradation and compatibility issues.

We present CCTAG, a lightweight architecture that simplifies the integration of diverse tag-based defense mechanisms. It offers configurable tag verification and modification rules to build various security policies, acting as basic protection primitives for defense applications. Its policy-centric mask design boosts flexibility and prevents conflicts, enabling multiple defense mechanisms to run concurrently. Our RISC-V prototype on an FPGA board demonstrates that CCTAG incurs minimal hardware overhead, with a slight increase in LUTs (6.77%) and FFs (8.02%). With combined protections including ret address protection, code pointer and vtable pointer integrity, and memory coloring, the SPEC CPU CINT2006 and CINT2017 benchmarks report low runtime overheads of 4.71% and 7.93%, respectively. Security assessments with CVEs covering major memory safety vulnerabilities and various exploitation techniques verify CCTAG’s effectiveness in mitigating real-world threats.

Paper
Slides
Video

View More Papers

ScopeVerif: Analyzing the Security of Android’s Scoped Storage via...

Zeyu Lei (Purdue University), Güliz Seray Tuncay (Google), Beatrice Carissa Williem (Purdue University), Z. Berkay Celik (Purdue University), Antonio Bianchi (Purdue University)

Read More

PhantomLiDAR: Cross-modality Signal Injection Attacks against LiDAR

Zizhi Jin (Zhejiang University), Qinhong Jiang (Zhejiang University), Xuancun Lu (Zhejiang University), Chen Yan (Zhejiang University), Xiaoyu Ji (Zhejiang University), Wenyuan Xu (Zhejiang University)

Read More

A Comprehensive Memory Safety Analysis of Bootloaders

Jianqiang Wang (CISPA Helmholtz Center for Information Security), Meng Wang (CISPA Helmholtz Center for Information Security), Qinying Wang (Zhejiang University), Nils Langius (Leibniz Universität Hannover), Li Shi (ETH Zurich), Ali Abbasi (CISPA Helmholtz Center for Information Security), Thorsten Holz (CISPA Helmholtz Center for Information Security)

Read More

Magmaw: Modality-Agnostic Adversarial Attacks on Machine Learning-Based Wireless Communication...

Jung-Woo Chang (University of California, San Diego), Ke Sun (University of California, San Diego), Nasimeh Heydaribeni (University of California, San Diego), Seira Hidano (KDDI Research, Inc.), Xinyu Zhang (University of California, San Diego), Farinaz Koushanfar (University of California, San Diego)

Read More