RegGuard: Leveraging CPU Registers for Mitigation of Control- and Data-Oriented Attacks

Munir Geden and Kasper Rasmussen

Abstract

CPU registers are small discrete storage units that are used to store temporary data and instructions within the CPU. Registers are not addressable in the same way memory is, which makes them immune to memory attacks and manipulation by other means. In this paper, we take advantage of this to protect critical program data with integrity guarantees that cover register spills. This protection effectively addresses control- and data-oriented attacks targeting the stack, even by adversaries with full knowledge of program memory. Our solution RegGuard is a software-based mitigation technique that uses existing CPU registers and cryptographic primitives to protect critical variables with hardware-level assurance. Unlike conventional register allocation methods, RegGuard prioritises the security significance of a register candidate over its expected performance gain. Our scheme also deals effectively with registers saved to the stack, i.e., when the compiler frees registers to make room for the variables of a new call. With RegGuard, register values saved to the stack are protected, including against strong adversaries with arbitrary read and write access capabilities. While our primary design focus is on security, performance is important for a scheme to be adopted in practice. RegGuard still benefits from the performance gain normally associated with register allocations and provides practical protection. Despite being adaptable to different CPU architectures, we showcase the performance of RegGuard using different benchmark programs and the C library on the ARM64 architecture as a proof-of-concept.

Journal: Computers and Security
Month: March
Year: 2023