Envision yourself as a culinary artist possessing a highly coveted recipe. To keep your confidential instructions in mind, you jot them down in a notebook, but the placement of those details within the book is obvious from the creases and tears on the edges of that frequently consulted page.

Similar to how recipes are organized in a cookbook, the directives for running programs are allocated to distinct areas within a computer’s tangible memory. The conventional protective measure — known as “address space layout randomization” (ASLR) — disperses this vital code to various locations, yet cybercriminals have become adept at uncovering their new placements. Rather than infiltrating the software directly, they employ strategies called microarchitectural side-channel attacks that capitalize on the hardware, determining which memory sections are utilized most often. From this analysis, they can deploy code to unveil passwords and implement significant administrative modifications within the system (these are also termed code-reuse attacks).

To bolster the efficacy of ASLR, scholars from the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) have devised a technique to make these indicators disappear. Their “Oreo” strategy mitigates hardware incursions by erasing randomized fragments of addresses that guide to a program’s instructions prior to their conversion into a physical location. It eliminates remnants of where code gadgets (or brief sequences of directives for specific tasks) are situated before they can be detected by hackers, thus significantly improving security for operating systems such as Linux.

Oreo consists of three tiers, much like its delicious namesake. Positioned between the virtual address space (which is utilized to reference program instructions) and the physical address space (where the code resides), Oreo introduces a novel “masked address space.” This reassigns code from randomized virtual addresses to fixed locations before execution within the hardware, complicating hackers’ attempts to trace the program’s original locations in the virtual address space through hardware breaches.

“Our conceptual framework for structuring it in three tiers was inspired by Oreo cookies,” states Shixin Song, a PhD candidate at MIT in electrical engineering and computer science (EECS) and an affiliate of CSAIL, who is the lead author of a research paper regarding this work. “Consider the white cream in the center of that treat — our equivalent is a layer that effectively obscures traces of gadget locations before they can fall into the wrong hands.”

Senior author Mengjia Yan, an associate professor at MIT in EECS and principal investigator at CSAIL, is convinced that Oreo’s masking capabilities may enhance the security and reliability of address space layout randomization.

“ASLR was implemented in operating systems like Windows and Linux, but over the past decade, its security vulnerabilities have rendered it nearly ineffective,” remarks Yan. “Our objective is to rejuvenate this mechanism in contemporary systems to counteract microarchitecture attacks, thus we’ve established a software-hardware co-design approach to hinder the leakage of secret offsets that disclose where the gadgets are.”

The CSAIL researchers are set to present their discoveries regarding Oreo at the upcoming Network and Distributed System Security Symposium later this month.

Song and her collaborators assessed how effectively Oreo could protect Linux by simulating hardware attacks in gem5, a platform widely used for exploring computer architecture. The findings indicated that it could thwart microarchitectural side-channel attacks without disrupting the software it secures.

Song notes that these tests illustrate how Oreo serves as a lightweight security enhancement for operating systems. “Our technique introduces minimal hardware modifications, requiring only a few additional storage units for metadata,” she explains. “Fortunately, it also exerts a negligible effect on software performance.”

While Oreo introduces an extra phase in program execution by wiping out sensitive data bits, it does not hinder application speed. This efficiency renders it a valuable security upgrade to ASLR for page-table-based virtual memory systems beyond Linux, including those typically observed in major platforms like Intel, AMD, and Arm.

In the future, the team aims to tackle speculative execution attacks — where cybercriminals deceive computers into anticipating their next operations, subsequently pilfering the concealed data left behind. A notable example is the notorious Meltdown/Spectre attacks that occurred in 2018.

To protect against speculative execution attacks, the team highlights that Oreo must be integrated with other security measures (such as mitigations for Spectre). This potential constraint also applies when scaling Oreo for larger systems.

“We believe Oreo could serve as a valuable software-hardware co-design framework for a wider array of applications,” suggests Yan. “Beyond focusing on ASLR, we are developing innovative methods that can assist in safeguarding essential crypto libraries commonly employed to protect data during network communication and cloud storage.”

Song and Yan co-authored the paper alongside MIT EECS undergraduate researcher Joseph Zhang. The team’s research was partly funded by Amazon, the U.S. Air Force Office of Scientific Research, and ACE, a center under the Semiconductor Research Corporation sponsored by the U.S. Defense Advanced Research Projects Agency (DARPA).