Securing Resource-Constrained Processors with Name Confusion


We introduce a novel concept, called Name Confusion, and demonstrate how it can be employed to enhance the security of resource-constrained processors. By building upon Name Confusion, we derive Phantom Name System (PNS): a security protocol that provides multiple names (addresses) to program instructions. Unlike the conventional model of virtual memory with a one-to-one mapping between instructions and virtual memory addresses, PNS creates N mappings for the same instruction, and randomly switches between them at runtime. PNS achieves fast randomization, at the granularity of basic blocks, which mitigates certain classes of code-reuse attacks. If an attacker uses a memory safety-related vulnerability to cause any of the instruction addresses to be different from the one chosen during a fetch, the exploited program will crash. We quantitatively evaluate how PNS mitigates real-world code-reuse attacks by reducing the success probability of typical exploits to approximately 10^-12. We implement PNS and validate it by running the SPEC CPU2017 benchmark suite on Gem5. Our evaluation results show that PNS has negligible performance overhead, compared to commercially-available hardware-based protections. Due to its simple design, PNS can have other use cases beyond mitigating code-reuse attacks.

Technical Report