<efrbr:recordSet xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:efrbr="http://vfrbr.info/efrbr/1.1" xmlns:efrbr-work="http://vfrbr.info/efrbr/1.1/work" xmlns:efrbr-expression="http://vfrbr.info/efrbr/1.1/expression" xmlns:efrbr-manifestation="http://vfrbr.info/efrbr/1.1/manifestation" xmlns:efrbr-person="http://vfrbr.info/efrbr/1.1/person" xmlns:efrbr-corporateBody="http://vfrbr.info/efrbr/1.1/corporateBody" xmlns:efrbr-concept="http://vfrbr.info/efrbr/1.1/concept" xmlns:efrbr-structure="http://vfrbr.info/efrbr/1.1/structure" xmlns:efrbr-responsible="http://vfrbr.info/efrbr/1.1/responsible" xmlns:efrbr-subject="http://vfrbr.info/efrbr/1.1/subject" xmlns:efrbr-other="http://vfrbr.info/efrbr/1.1/other" xsi:schemaLocation="http://vfrbr.info/efrbr/1.1 http://vfrbr.info/schemas/1.1/efrbr.xsd"><efrbr:entities><efrbr-work:work identifier="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C"><efrbr-work:titleOfTheWork>On architectural support for instruction set randomization</efrbr-work:titleOfTheWork></efrbr-work:work><efrbr-expression:expression identifier="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C"><efrbr-expression:titleOfTheExpression>On architectural support for instruction set randomization</efrbr-expression:titleOfTheExpression><efrbr-expression:formOfExpression vocabulary="DIAS:TYPES">
            Peer-Reviewed Journal Publication
         </efrbr-expression:formOfExpression><efrbr-expression:dateOfExpression type="issued">2021-12-28</efrbr-expression:dateOfExpression><efrbr-expression:dateOfExpression type="published">2020</efrbr-expression:dateOfExpression><efrbr-expression:languageOfExpression vocabulary="iso639-1">en</efrbr-expression:languageOfExpression><efrbr-expression:summarizationOfContent>Instruction Set Randomization (ISR) is able to protect against remote code injection attacks by randomizing the instruction set of each process. Thereby, even if an attacker succeeds in injecting code, it will fail to execute on the randomized processor. The majority of existing ISR implementations are based on emulators and binary instrumentation tools that unfortunately: (i) incur significant runtime performance overheads, (ii) limit the ease of deployment, (iii) cannot protect the underlying operating system kernel, and (iv) are vulnerable to evasion attempts that bypass the ISR protection itself.
To address these issues, we present the design and implementation of ASIST, an architecture with both hardware and operating system support for ISR. ASIST uses our extended SPARC processor that is mapped onto an FPGA board and runs our modified Linux kernel to support the new features. In particular, before executing a new user-level process, the operating system loads its randomization key into a newly defined register, and the modified processor decodes the process’s instructions with this key. Besides that, ASIST uses a separate randomization key for the operating system to protect the base system against attacks that exploit kernel vulnerabilities to run arbitrary code with elevated privileges. Our evaluation shows that ASIST can transparently protect both user-land applications and the operating system kernel from code injection and code reuse attacks, with about 1.5% runtime overhead when using simple encryption schemes, such as XOR and Transposition; more secure ciphers, such as AES, although much more complicated to map to hardware, are still within acceptable margins, with approximately 10% runtime overhead, when efficiently leveraging the spatial locality of code through modern instruction cache configurations.</efrbr-expression:summarizationOfContent><efrbr-expression:useRestrictionsOnTheExpression type="creative-commons">http://creativecommons.org/licenses/by/4.0/</efrbr-expression:useRestrictionsOnTheExpression><efrbr-expression:note type="journal name">ACM Transactions on Architecture and Code Optimization</efrbr-expression:note><efrbr-expression:note type="journal volume">17</efrbr-expression:note><efrbr-expression:note type="journal number">4</efrbr-expression:note><efrbr-expression:note type="page range">1–26</efrbr-expression:note></efrbr-expression:expression><efrbr-manifestation:manifestation identifier="https://dias.library.tuc.gr/view/91171"><efrbr-manifestation:titleOfTheManifestation>Christou_et_al_ACM Trans. Archit. 
Code Optim._17(4)_2020.pdf</efrbr-manifestation:titleOfTheManifestation><efrbr-manifestation:publicationDistribution><efrbr-manifestation:placeOfPublicationDistribution type="distribution">Chania [Greece]</efrbr-manifestation:placeOfPublicationDistribution><efrbr-manifestation:publisherDistributor type="distributor">Library of TUC</efrbr-manifestation:publisherDistributor><efrbr-manifestation:dateOfPublicationDistribution>2021-12-28</efrbr-manifestation:dateOfPublicationDistribution></efrbr-manifestation:publicationDistribution><efrbr-manifestation:formOfCarrier>application/pdf</efrbr-manifestation:formOfCarrier><efrbr-manifestation:extentOfTheCarrier>2.2 MB</efrbr-manifestation:extentOfTheCarrier><efrbr-manifestation:accessRestrictionsOnTheManifestation>free</efrbr-manifestation:accessRestrictionsOnTheManifestation></efrbr-manifestation:manifestation><efrbr-person:person identifier="3D3801B7-B281-47E2-A169-8F122A22A6DE"><efrbr-person:nameOfPerson vocabulary="">
            Christou George
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="10CE96C5-9162-401A-B8A4-294C7C706C2F"><efrbr-person:nameOfPerson vocabulary="">
            Vasiliadis Giorgos
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="1D54CF64-65AA-432A-9804-513B8DFB52CF"><efrbr-person:nameOfPerson vocabulary="">
            Papaefstathiou Vassilis
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="37F6B7DB-E38E-4ECB-8826-834EC79E526C"><efrbr-person:nameOfPerson vocabulary="">
            Papadogiannakis Antonis
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="http://users.isc.tuc.gr/~sioannidis"><efrbr-person:nameOfPerson vocabulary="TUC:LDAP">
            Ioannidis Sotirios
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-corporateBody:corporateBody identifier="https://v2.sherpa.ac.uk/id/publisher/21"><efrbr-corporateBody:nameOfTheCorporateBody vocabulary="S/R:PUBLISHERS">
            Association for Computing Machinery (ACM)
         </efrbr-corporateBody:nameOfTheCorporateBody></efrbr-corporateBody:corporateBody><efrbr-concept:concept identifier="F6AB92A4-0947-47CD-AEA4-1FD9FEAA8F52"><efrbr-concept:termForTheConcept>
            Code injection
         </efrbr-concept:termForTheConcept></efrbr-concept:concept><efrbr-concept:concept identifier="853CE577-23BF-42A6-AC88-360B706C08CF"><efrbr-concept:termForTheConcept>
            Instruction set randomization
         </efrbr-concept:termForTheConcept></efrbr-concept:concept><efrbr-concept:concept identifier="7C26F87E-4D3F-41BA-8D50-928F7237AD23"><efrbr-concept:termForTheConcept>
            Hardware assisted security
         </efrbr-concept:termForTheConcept></efrbr-concept:concept></efrbr:entities><efrbr:relationships><efrbr-structure:structureRelations><efrbr-structure:realizedThrough sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="expression" targetURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C"/><efrbr-structure:embodiedIn sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="manifestation" targetURI="http://purl.tuc.gr/dl/dias/A39DA64B-10C3-4DBD-9AAC-31DEAB52C11C"/></efrbr-structure:structureRelations><efrbr-responsible:responsibleRelations><efrbr-responsible:createdBy sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="person" targetURI="3D3801B7-B281-47E2-A169-8F122A22A6DE"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="person" targetURI="3D3801B7-B281-47E2-A169-8F122A22A6DE" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="person" targetURI="10CE96C5-9162-401A-B8A4-294C7C706C2F" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="person" targetURI="1D54CF64-65AA-432A-9804-513B8DFB52CF" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="person" targetURI="37F6B7DB-E38E-4ECB-8826-834EC79E526C" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="person" targetURI="http://users.isc.tuc.gr/~sioannidis" 
role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="person" targetURI="https://v2.sherpa.ac.uk/id/publisher/21" role="publisher"/></efrbr-responsible:responsibleRelations><efrbr-subject:subjectRelations><efrbr-subject:hasSubject sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="concept" targetURI="F6AB92A4-0947-47CD-AEA4-1FD9FEAA8F52"/><efrbr-subject:hasSubject sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="concept" targetURI="853CE577-23BF-42A6-AC88-360B706C08CF"/><efrbr-subject:hasSubject sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/357C26C1-A2C9-4EE4-8192-7ABDF315600C" targetEntity="concept" targetURI="7C26F87E-4D3F-41BA-8D50-928F7237AD23"/></efrbr-subject:subjectRelations><efrbr-other:otherRelations/></efrbr:relationships></efrbr:recordSet>