A Framework to Secure Applications with ISA Heterogeneity


Software security attacks are evolving from exploiting common code vulnerabilities to exploiting micro architecture side-channels. Traditional software diversity or code randomization techniques diversify the code memory layout and make it difficult for potential attackers to pinpoint the precise location of the target vulnerability. However, those approaches may not be sufficient enough for the new micro architecture attacks (e.g., Spectre). While some architecture researchers have proposed using diverse ISA configurations to defeat code injection or code reuse attacks, most of these works remain in the simulation stage due to legal, licensing, and verification costs involved in bringing a heterogeneous chip design into physical hardware. In this paper, we report our on-going work of HeterSec, a framework to secure applications utilizing real world heterogeneous ISA machines. HeterSec runs on top of the commodity x86_64 and ARM64 machines. It gives the process the ability to dynamically select its underlying ISA environment. Therefore, the protected process would hide the vulnerable targets with the diversified instruction set, or would detect the abnormal behavior by comparing the execution results step-by-step from multiple ISA-diversified instances. To demonstrate the effectiveness of such software framework, we implemented HeterSec on Linux and showed its deployability by running it on a x86_64 and ARM64 machine pair, connected using InfiniBand. We then conduct two case studies with HeterSec. In the first case, we timely randomize the process execution path across the ISA, which achieves similar security guarantees as the existing architecture based solutions. In the second case, we implement a multi-ISA based multi-version execution (MVX) system, providing a stronger security guarantee than current homogeneousISA MVX designs.

Dresden, Germany (co-located with EuroSys)