Skip to content
ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations [ ASPLOS'19 ]
C++ C Makefile Shell Python PHP
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
analyzer
conf
include
llvm
recorder
LICENSE
README.md
autosetup-rdef.sh
autosetup.inc
common.inc
script.inc

README.md

ProbeGuard

ProbeGuard: Mitigating Probing Attacks Through Reactive Program Transformations [ASPLOS'19]

Many modern defenses against code reuse rely on hiding sensitive data such as shadow stacks in a huge memory address space. While much more efficient than traditional integritybased defenses, these solutions are vulnerable to probing attacks which quickly locate the hidden data and compromise security. This has led researchers to question the value of information hiding in real-world software security. Instead, we argue that such a limitation is not fundamental and that information hiding and integrity-based defenses are two extremes of a continuous spectrum of solutions.

We propose ProbeGuard, that automatically balances performance and security by deploying an existing information hiding based baseline defense and then incrementally moving to more powerful integrity-based defenses by hotpatching when probing attacks occur. ProbeGuard is efficient, provides strong security, and gracefully trades off performance upon encountering more probing primitives.

We will present this paper at ASPLOS'19.

Source code

We are publishing the source code here, during the conference in April 2019.

You can’t perform that action at this time.