A metadata-driven approach to efficiently detect code-reuse attacks on ARM multiprocessors

Abstract

In recent years, there is a growing need to protect security and privacy of the data against various attacks on software running on smart mobile devices. As of today, the code-reuse attack (CRA) is known as one of the most sophisticated techniques. We in this paper propose a hardware-assisted solution that can be practically deployed into the existing ARM-based mobile devices. We exploit CoreSight debug interface to obtain the core internal information. As the information fed from the debug interface is insufficient for our purpose to detect CRAs, our solution uses the metadata to supplement the lacking information. However, most metadata-driven approaches suffer from the significant storage overhead to store every basic information describing the original data that is vital to their analysis or techniques. As this large space overhead can be a major obstacle to the general acceptance of our solution in ARM-based devices with strict performance constraints, we have endeavored to develop a technique minimizing the memory overhead. Also, we have extended our solution to apply to multiprocessor SoCs as the growing number of computing systems including mobile devices use multiprocessor architectures. Experimental results show that our solution detects CRAs with 1.74% performance overhead in dual-CPU system and requires only 5.66% more memories for storing metadata.