Control-flow carrying code

Control-flow carrying code

Control-Flow Integrity (CFI) is an effective approach in mitigating control-flow hijacking attacks including code-reuse attacks. Most conventional CFI techniques use memory page protection mechanism, Data Execution Prevention (DEP), as an underlying basis. For instance, CFI defenses use read-only ad...

Full description

Saved in:
Bibliographic Details
Main Authors: LIN, Yan, GAO, Debin
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2019
Subjects:
Control-flow hijacking
Control-flow integrity
Instruction-set randomization
Secret sharing
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/4685
https://ink.library.smu.edu.sg/context/sis_research/article/5688/viewcontent/Control_flow_carrying_asiaccs19_pv.pdf
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-5688
record_format dspace
spelling sg-smu-ink.sis_research-56882020-01-09T07:24:01Z Control-flow carrying code LIN, Yan GAO, Debin Control-Flow Integrity (CFI) is an effective approach in mitigating control-flow hijacking attacks including code-reuse attacks. Most conventional CFI techniques use memory page protection mechanism, Data Execution Prevention (DEP), as an underlying basis. For instance, CFI defenses use read-only address tables to avoid metadata corruption. However, this assumption has shown to be invalid with advanced attacking techniques, such as Data-Oriented Programming, data race, and Rowhammer attacks. In addition, there are scenarios in which DEP is unavailable, e.g., bare-metal systems and applications with dynamically generated code. We present the design and implementation of Control-Flow Carrying Code (C3), a new CFI enforcement without depending on DEP, which makes the CFI policies embedded safe from being overwritten by attackers. C3 embeds the Control-Flow Graph (CFG) and its enforcement into instructions of the program by encrypting each basic block with a key derived from the CFG. The "proof-carrying" code ensures that only valid control flow transfers can decrypt the corresponding instruction sequences, and that any unintended control flow transfers or overwritten code segment would cause program crash with high probability due to the wrong decryption key and the corresponding random code bytes obtained. We implement C3 on top of an instrumentation platform and apply it to many popular programs. Our security evaluation shows that C3 is capable of enforcing strong CFI policies and is able to defend against most control-flow hijacking attacks while suffering from moderate runtime overhead. 2019-07-12T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4685 info:doi/10.1145/3321705.3329815 https://ink.library.smu.edu.sg/context/sis_research/article/5688/viewcontent/Control_flow_carrying_asiaccs19_pv.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Control-flow hijacking Control-flow integrity Instruction-set randomization Secret sharing Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Control-flow hijacking
Control-flow integrity
Instruction-set randomization
Secret sharing
Information Security
spellingShingle Control-flow hijacking
Control-flow integrity
Instruction-set randomization
Secret sharing
Information Security
LIN, Yan
GAO, Debin
Control-flow carrying code
description Control-Flow Integrity (CFI) is an effective approach in mitigating control-flow hijacking attacks including code-reuse attacks. Most conventional CFI techniques use memory page protection mechanism, Data Execution Prevention (DEP), as an underlying basis. For instance, CFI defenses use read-only address tables to avoid metadata corruption. However, this assumption has shown to be invalid with advanced attacking techniques, such as Data-Oriented Programming, data race, and Rowhammer attacks. In addition, there are scenarios in which DEP is unavailable, e.g., bare-metal systems and applications with dynamically generated code. We present the design and implementation of Control-Flow Carrying Code (C3), a new CFI enforcement without depending on DEP, which makes the CFI policies embedded safe from being overwritten by attackers. C3 embeds the Control-Flow Graph (CFG) and its enforcement into instructions of the program by encrypting each basic block with a key derived from the CFG. The "proof-carrying" code ensures that only valid control flow transfers can decrypt the corresponding instruction sequences, and that any unintended control flow transfers or overwritten code segment would cause program crash with high probability due to the wrong decryption key and the corresponding random code bytes obtained. We implement C3 on top of an instrumentation platform and apply it to many popular programs. Our security evaluation shows that C3 is capable of enforcing strong CFI policies and is able to defend against most control-flow hijacking attacks while suffering from moderate runtime overhead.
format text
author LIN, Yan
GAO, Debin
author_facet LIN, Yan
GAO, Debin
author_sort LIN, Yan
title Control-flow carrying code
title_short Control-flow carrying code
title_full Control-flow carrying code
title_fullStr Control-flow carrying code
title_full_unstemmed Control-flow carrying code
title_sort control-flow carrying code
publisher Institutional Knowledge at Singapore Management University
publishDate 2019
url https://ink.library.smu.edu.sg/sis_research/4685
https://ink.library.smu.edu.sg/context/sis_research/article/5688/viewcontent/Control_flow_carrying_asiaccs19_pv.pdf
_version_ 1770574965675917312

Similar Items