Live path control flow integrity

2018 ◽  
Author(s):  
Mohamad Barbar ◽  
Yulei Sui ◽  
Hongyu Zhang ◽  
Shiping Chen ◽  
Jingling Xue
Keyword(s):  
Control Flow ◽  
Path Control ◽  
Control Flow Integrity

Control Flow Integrity Based on Lightweight Encryption Architecture

2018 ◽  
Vol 37 (7) ◽  
pp. 1358-1369 ◽  
Author(s):  
Pengfei Qiu ◽  
Yongqiang Lyu ◽  
Jiliang Zhang ◽  
Dongsheng Wang ◽  
Gang Qu
Keyword(s):  
Control Flow ◽  
Control Flow Integrity ◽  
Lightweight Encryption

scholarly journals Analyzing control flow integrity with LLVM-CFI

2019 ◽  
Author(s):  
Paul Muntean ◽  
Matthias Neumayer ◽  
Zhiqiang Lin ◽  
Gang Tan ◽  
Jens Grossklags ◽  
...  
Keyword(s):  
Control Flow ◽  
Control Flow Integrity

scholarly journals Reconciling optimization with secure compilation

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-30
Author(s):  
Son Tuan Vu ◽  
Albert Cohen ◽  
Arnaud De Grandmaison ◽  
Christophe Guillon ◽  
Karine Heydemann
Keyword(s):  
Side Effects ◽  
Control Flow ◽  
Partial Ordering ◽  
Input Output ◽  
Machine Code ◽  
Fine Grained ◽  
Control Flow Integrity ◽  
Correct Execution ◽  
Source Level ◽  
And Performance

Software protections against side-channel and physical attacks are essential to the development of secure applications. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source level. This renders them susceptible to miscompilation, and security engineers embed input/output side-effects to prevent optimizing compilers from altering them. Yet these side-effects are error-prone and compiler-dependent. The current practice involves analyzing the generated machine code to make sure security or privacy properties are still enforced. These side-effects may also be too expensive in fine-grained protections such as control-flow integrity. We introduce observations of the program state that are intrinsic to the correct execution of security protections, along with means to specify and preserve observations across the compilation flow. Such observations complement the input/output semantics-preservation contract of compilers. We introduce an opacification mechanism to preserve and enforce a partial ordering of observations. This approach is compatible with a production compiler and does not incur any modification to its optimization passes. We validate the effectiveness and performance of our approach on a range of benchmarks, expressing the secure compilation of these applications in terms of observations to be made at specific program points.

$$\tau $$ CFI: Type-Assisted Control Flow Integrity for x86-64 Binaries

2018 ◽  
pp. 423-444 ◽  
Author(s):  
Paul Muntean ◽  
Matthias Fischer ◽  
Gang Tan ◽  
Zhiqiang Lin ◽  
Jens Grossklags ◽  
...  
Keyword(s):  
Control Flow ◽  
Control Flow Integrity

Research on Control Flow Integrity Scheme for Android Platform

2019 ◽  
Author(s):  
Jiesheng Zheng ◽  
Wuqiang Shen ◽  
Yanwei Shang ◽  
Aohui Wang ◽  
Ruigang Liang ◽  
...  
Keyword(s):  
Control Flow ◽  
Android Platform ◽  
Control Flow Integrity

scholarly journals Checking Function-Level Kernel Control Flow Integrity for Cloud Computing

IEEE Access ◽  
2018 ◽  
Vol 6 ◽  
pp. 41856-41865 ◽  
Author(s):  
Lin Ye ◽  
Xiangzhan Yu ◽  
Lei Yu ◽  
Bin Guo ◽  
Dongyang Zhan ◽  
...  
Keyword(s):  
Cloud Computing ◽  
Control Flow ◽  
Control Flow Integrity

scholarly journals Control-Flow Integrity: Attacks and Protections

2019 ◽  
Vol 9 (20) ◽  
pp. 4229 ◽  
Author(s):  
Sarwar Sayeed ◽  
Hector Marco-Gisbert ◽  
Ismael Ripoll ◽  
Miriam Birch
Keyword(s):  
Large Family ◽  
Research Community ◽  
Control Flow ◽  
Security Threat ◽  
Memory Errors ◽  
Software Developers ◽  
Control Flow Integrity ◽  
Indirect Branch ◽  
With Memory ◽  
Significant Attention

Despite the intense efforts to prevent programmers from writing code with memory errors, memory corruption vulnerabilities are still a major security threat. Consequently, control-flow integrity has received significant attention in the research community, and software developers to combat control code execution attacks in the presence of type of faults. Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques, including code reuse attacks, return-to-user, return-to-libc, and replay attacks. We also classify these techniques based on their security, robustness, and implementation complexity. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. We conclude that the performance overhead introduced, jointly with the partial attack coverage, is discouraging the industry from adopting most of them.

Sign in / Sign up

Export Citation Format

Share Document