Control flow integrity enforcement with dynamic code optimization
Control Flow Integrity (CFI) is an attractive security property with which most injected and code reuse attacks can be defeated, including advanced attacking techniques like Return-Oriented Programming (ROP). However, comprehensive enforcement of CFI is expensive due to additional supports needed (e...
Saved in:
| Main Authors: | , , , |
|---|---|
| Format: | text |
| Language: | English |
| Published: |
Institutional Knowledge at Singapore Management University
2016
|
| Subjects: | |
| Online Access: | https://ink.library.smu.edu.sg/sis_research/3419 https://ink.library.smu.edu.sg/context/sis_research/article/4420/viewcontent/Controlflowintegrityenforcement.pdf |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Singapore Management University |
| Language: | English |
| id |
sg-smu-ink.sis_research-4420 |
|---|---|
| record_format |
dspace |
| spelling |
sg-smu-ink.sis_research-44202018-03-09T09:24:04Z Control flow integrity enforcement with dynamic code optimization LIN, Yan TANG, Xiaoxiao GAO, Debin FU, Jianming Control Flow Integrity (CFI) is an attractive security property with which most injected and code reuse attacks can be defeated, including advanced attacking techniques like Return-Oriented Programming (ROP). However, comprehensive enforcement of CFI is expensive due to additional supports needed (e.g., compiler support and presence of relocation or debug information) and performance overhead. Recent research has been trying to strike the balance among reasonable approximation of the CFI properties, minimal additional supports needed, and acceptable performance. We investigate existing dynamic code optimization techniques and find that they provide an architecture on which CFI can be enforced effectively and efficiently. In this paper, we propose and implement DynCFI that enforces security policies on a well established dynamic optimizer and show that it provides comparable CFI properties with existing CFI implementations while lowering the overall performance overhead from 28.6 % to 14.8 %. We further perform comprehensive evaluations and shed light on the exact amount of savings contributed by the various components of the dynamic optimizer including basic block cache, trace cache, branch prediction, and indirect branch lookup. 2016-09-01T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/3419 info:doi/10.1007/978-3-319-45871-7_22 https://ink.library.smu.edu.sg/context/sis_research/article/4420/viewcontent/Controlflowintegrityenforcement.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Control Flow Integrity Return-oriented programming Dynamic code optimization Computer Sciences Databases and Information Systems Theory and Algorithms |
| institution |
Singapore Management University |
| building |
SMU Libraries |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
SMU Libraries |
| collection |
InK@SMU |
| language |
English |
| topic |
Control Flow Integrity Return-oriented programming Dynamic code optimization Computer Sciences Databases and Information Systems Theory and Algorithms |
| spellingShingle |
Control Flow Integrity Return-oriented programming Dynamic code optimization Computer Sciences Databases and Information Systems Theory and Algorithms LIN, Yan TANG, Xiaoxiao GAO, Debin FU, Jianming Control flow integrity enforcement with dynamic code optimization |
| description |
Control Flow Integrity (CFI) is an attractive security property with which most injected and code reuse attacks can be defeated, including advanced attacking techniques like Return-Oriented Programming (ROP). However, comprehensive enforcement of CFI is expensive due to additional supports needed (e.g., compiler support and presence of relocation or debug information) and performance overhead. Recent research has been trying to strike the balance among reasonable approximation of the CFI properties, minimal additional supports needed, and acceptable performance. We investigate existing dynamic code optimization techniques and find that they provide an architecture on which CFI can be enforced effectively and efficiently. In this paper, we propose and implement DynCFI that enforces security policies on a well established dynamic optimizer and show that it provides comparable CFI properties with existing CFI implementations while lowering the overall performance overhead from 28.6 % to 14.8 %. We further perform comprehensive evaluations and shed light on the exact amount of savings contributed by the various components of the dynamic optimizer including basic block cache, trace cache, branch prediction, and indirect branch lookup. |
| format |
text |
| author |
LIN, Yan TANG, Xiaoxiao GAO, Debin FU, Jianming |
| author_facet |
LIN, Yan TANG, Xiaoxiao GAO, Debin FU, Jianming |
| author_sort |
LIN, Yan |
| title |
Control flow integrity enforcement with dynamic code optimization |
| title_short |
Control flow integrity enforcement with dynamic code optimization |
| title_full |
Control flow integrity enforcement with dynamic code optimization |
| title_fullStr |
Control flow integrity enforcement with dynamic code optimization |
| title_full_unstemmed |
Control flow integrity enforcement with dynamic code optimization |
| title_sort |
control flow integrity enforcement with dynamic code optimization |
| publisher |
Institutional Knowledge at Singapore Management University |
| publishDate |
2016 |
| url |
https://ink.library.smu.edu.sg/sis_research/3419 https://ink.library.smu.edu.sg/context/sis_research/article/4420/viewcontent/Controlflowintegrityenforcement.pdf |
| _version_ |
1770573195149049856 |