scholarly journals Comparative Analysis and Enhancement of CFG-based Hardware-Assisted CFI Schemes

2021 ◽  
Vol 20 (5s) ◽  
pp. 1-25
Author(s):  
Stefan Tauner ◽  
Mario Telesklav
Keyword(s):  
Comparative Analysis ◽  
Control Flow ◽  
Code Reuse ◽  
Powerful Technique ◽  
Fine Grained ◽  
Time Performance ◽  
Meaningful Comparison ◽  
Control Flow Integrity ◽  
Flow Graphs ◽  
Common Platform

Subverting the flow of instructions (e.g., by use of code-reuse attacks) still poses a serious threat to the security of today’s systems. Various control flow integrity (CFI) schemes have been proposed as a powerful technique to detect and mitigate such attacks. In recent years, many hardware-assisted implementations of CFI enforcement based on control flow graphs (CFGs) have been presented by academia. Such approaches check whether control flow transfers follow the intended CFG by limiting the valid target addresses. However, these papers all target different platforms and were evaluated with different sets of benchmark applications, which makes quantitative comparisons hardly possible. For this paper, we have implemented multiple promising CFG-based CFI schemes on a common platform comprising a RISC-V within FPGA. By porting almost 40 benchmark applications to this system we can present a meaningful comparison of the various techniques in terms of run-time performance, hardware utilization, and binary size. In addition, we present an enhanced CFI approach that is inspired by what we consider the best concepts and ideas of previously proposed mechanisms. We have made this approach more practical and feature-complete by tackling some problems largely ignored previously. We show with this fine-grained scheme that CFI can be achieved with even less overheads than previously demonstrated.

scholarly journals Fine-Grained Control-Flow Integrity Based on Points-to Analysis for CPS

2018 ◽  
Vol 2018 ◽  
pp. 1-11 ◽  
Author(s):  
Weizhong Qiang ◽  
Shizhen Wang ◽  
Hai Jin ◽  
Jiangying Zhong
Keyword(s):  
Security Analysis ◽  
Control Flow ◽  
Security And Privacy ◽  
Code Reuse ◽  
Fine Grained ◽  
Function Calls ◽  
Legitimate Target ◽  
Control Flow Integrity ◽  
Target Set ◽  
And Performance

A cyber-physical system (CPS) is known as a mix system composed of computational and physical capabilities. The fast development of CPS brings new security and privacy requirements. Code reuse attacks that affect the correct behavior of software by exploiting memory corruption vulnerabilities and reusing existing code may also be threats to CPS. Various defense techniques are proposed in recent years as countermeasures to emerging code reuse attacks. However, they may fail to fulfill the security requirement well because they cannot protect the indirect function calls properly when it comes to dynamic code reuse attacks aiming at forward edges of control-flow graph (CFG). In this paper, we propose P-CFI, a fine-grained control-flow integrity (CFI) method, to protect CPS against memory-related attacks. We use points-to analysis to construct the legitimate target set for every indirect call cite and check whether the target of the indirect call cite is in the legitimate target set at runtime. We implement a prototype of P-CFI on LLVM and evaluate both its functionality and performance. Security analysis proves that P-CFI can mitigate the dynamic code reuse attack based on forward edges of CFG. Performance evaluation shows that P-CFI can protect CPS from dynamic code reuse attacks with trivial time overhead between 0.1% and 3.5% (Copyright © 2018 John Wiley & Sons, Ltd.).

scholarly journals Reconciling optimization with secure compilation

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-30
Author(s):  
Son Tuan Vu ◽  
Albert Cohen ◽  
Arnaud De Grandmaison ◽  
Christophe Guillon ◽  
Karine Heydemann
Keyword(s):  
Side Effects ◽  
Control Flow ◽  
Partial Ordering ◽  
Input Output ◽  
Machine Code ◽  
Fine Grained ◽  
Control Flow Integrity ◽  
Correct Execution ◽  
Source Level ◽  
And Performance

Software protections against side-channel and physical attacks are essential to the development of secure applications. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source level. This renders them susceptible to miscompilation, and security engineers embed input/output side-effects to prevent optimizing compilers from altering them. Yet these side-effects are error-prone and compiler-dependent. The current practice involves analyzing the generated machine code to make sure security or privacy properties are still enforced. These side-effects may also be too expensive in fine-grained protections such as control-flow integrity. We introduce observations of the program state that are intrinsic to the correct execution of security protections, along with means to specify and preserve observations across the compilation flow. Such observations complement the input/output semantics-preservation contract of compilers. We introduce an opacification mechanism to preserve and enforce a partial ordering of observations. This approach is compatible with a production compiler and does not incur any modification to its optimization passes. We validate the effectiveness and performance of our approach on a range of benchmarks, expressing the secure compilation of these applications in terms of observations to be made at specific program points.

scholarly journals Corrigendum to “Fine-Grained Control-Flow Integrity Based on Points-to Analysis for CPS”

2018 ◽  
Vol 2018 ◽  
pp. 1-1
Author(s):  
Weizhong Qiang ◽  
Shizhen Wang ◽  
Hai Jin ◽  
Jiangying Zhong
Keyword(s):  
Control Flow ◽  
Fine Grained ◽  
Control Flow Integrity

ABCFI: Fast and Lightweight Fine-Grained Hardware-Assisted Control-Flow Integrity

2020 ◽  
Vol 39 (11) ◽  
pp. 3165-3176
Author(s):  
Jinfeng Li ◽  
Liwei Chen ◽  
Gang Shi ◽  
Kai Chen ◽  
Dan Meng
Keyword(s):  
Control Flow ◽  
Fine Grained ◽  
Control Flow Integrity

scholarly journals Call Graph and Model Checking for Fine-Grained Android Malicious Behaviour Detection

2020 ◽  
Vol 10 (22) ◽  
pp. 7975
Author(s):  
Giacomo Iadarola ◽  
Fabio Martinelli ◽  
Francesco Mercaldo ◽  
Antonella Santone
Keyword(s):  
Data Structure ◽  
Model Checking ◽  
Private Information ◽  
Control Flow ◽  
Graph Data ◽  
Call Graph ◽  
Fine Grained ◽  
Call Graphs ◽  
Android Applications ◽  
Flow Graphs

The increasing diffusion of mobile devices, widely used for critical tasks such as the transmission of sensitive and private information, corresponds to an increasing need for methods to detect malicious actions that can undermine our data. As demonstrated in the literature, the signature-based approach provided by antimalware is not able to defend users from new threats. In this paper, we propose an approach based on the adoption of model checking to detect malicious families in the Android environment. We consider two different automata representing Android applications, based respectively on Control Flow Graphs and Call Graphs. The adopted graph data structure allows to detect potentially malicious behaviour and also localize the code where the malicious action happens. We experiment the effectiveness of the proposed method evaluating more than 3000 real-world Android samples (with 2552 malware belonging to 21 malicious family), by reaching an accuracy ranging from 0.97 to 1 in malicious family detection.

Sign in / Sign up

Export Citation Format

Share Document