Fine-Grained Control-Flow Integrity Based on Points-to Analysis for CPS

A cyber-physical system (CPS) is known as a mix system composed of computational and physical capabilities. The fast development of CPS brings new security and privacy requirements. Code reuse attacks that affect the correct behavior of software by exploiting memory corruption vulnerabilities and reusing existing code may also be threats to CPS. Various defense techniques are proposed in recent years as countermeasures to emerging code reuse attacks. However, they may fail to fulfill the security requirement well because they cannot protect the indirect function calls properly when it comes to dynamic code reuse attacks aiming at forward edges of control-flow graph (CFG). In this paper, we propose P-CFI, a fine-grained control-flow integrity (CFI) method, to protect CPS against memory-related attacks. We use points-to analysis to construct the legitimate target set for every indirect call cite and check whether the target of the indirect call cite is in the legitimate target set at runtime. We implement a prototype of P-CFI on LLVM and evaluate both its functionality and performance. Security analysis proves that P-CFI can mitigate the dynamic code reuse attack based on forward edges of CFG. Performance evaluation shows that P-CFI can protect CPS from dynamic code reuse attacks with trivial time overhead between 0.1% and 3.5% (Copyright © 2018 John Wiley & Sons, Ltd.).

Download Full-text

Reconciling optimization with secure compilation

Proceedings of the ACM on Programming Languages ◽

10.1145/3485519 ◽

2021 ◽

Vol 5 (OOPSLA) ◽

pp. 1-30

Author(s):

Son Tuan Vu ◽

Albert Cohen ◽

Arnaud De Grandmaison ◽

Christophe Guillon ◽

Karine Heydemann

Keyword(s):

Side Effects ◽

Control Flow ◽

Partial Ordering ◽

Input Output ◽

Machine Code ◽

Fine Grained ◽

Control Flow Integrity ◽

Correct Execution ◽

Source Level ◽

And Performance

Software protections against side-channel and physical attacks are essential to the development of secure applications. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source level. This renders them susceptible to miscompilation, and security engineers embed input/output side-effects to prevent optimizing compilers from altering them. Yet these side-effects are error-prone and compiler-dependent. The current practice involves analyzing the generated machine code to make sure security or privacy properties are still enforced. These side-effects may also be too expensive in fine-grained protections such as control-flow integrity. We introduce observations of the program state that are intrinsic to the correct execution of security protections, along with means to specify and preserve observations across the compilation flow. Such observations complement the input/output semantics-preservation contract of compilers. We introduce an opacification mechanism to preserve and enforce a partial ordering of observations. This approach is compatible with a production compiler and does not incur any modification to its optimization passes. We validate the effectiveness and performance of our approach on a range of benchmarks, expressing the secure compilation of these applications in terms of observations to be made at specific program points.

Download Full-text

Comparative Analysis and Enhancement of CFG-based Hardware-Assisted CFI Schemes

ACM Transactions on Embedded Computing Systems ◽

10.1145/3476989 ◽

2021 ◽

Vol 20 (5s) ◽

pp. 1-25

Author(s):

Stefan Tauner ◽

Mario Telesklav

Keyword(s):

Comparative Analysis ◽

Control Flow ◽

Code Reuse ◽

Powerful Technique ◽

Fine Grained ◽

Time Performance ◽

Meaningful Comparison ◽

Control Flow Integrity ◽

Flow Graphs ◽

Common Platform

Subverting the flow of instructions (e.g., by use of code-reuse attacks) still poses a serious threat to the security of today’s systems. Various control flow integrity (CFI) schemes have been proposed as a powerful technique to detect and mitigate such attacks. In recent years, many hardware-assisted implementations of CFI enforcement based on control flow graphs (CFGs) have been presented by academia. Such approaches check whether control flow transfers follow the intended CFG by limiting the valid target addresses. However, these papers all target different platforms and were evaluated with different sets of benchmark applications, which makes quantitative comparisons hardly possible. For this paper, we have implemented multiple promising CFG-based CFI schemes on a common platform comprising a RISC-V within FPGA. By porting almost 40 benchmark applications to this system we can present a meaningful comparison of the various techniques in terms of run-time performance, hardware utilization, and binary size. In addition, we present an enhanced CFI approach that is inspired by what we consider the best concepts and ideas of previously proposed mechanisms. We have made this approach more practical and feature-complete by tackling some problems largely ignored previously. We show with this fine-grained scheme that CFI can be achieved with even less overheads than previously demonstrated.

Download Full-text

Corrigendum to “Fine-Grained Control-Flow Integrity Based on Points-to Analysis for CPS”

Security and Communication Networks ◽

10.1155/2018/5618453 ◽

2018 ◽

Vol 2018 ◽

pp. 1-1

Author(s):

Weizhong Qiang ◽

Shizhen Wang ◽

Hai Jin ◽

Jiangying Zhong

Keyword(s):

Control Flow ◽

Fine Grained ◽

Control Flow Integrity

Download Full-text

Fine-Grained Control-Flow Integrity for Kernel Software

2016 IEEE European Symposium on Security and Privacy (EuroS&P) ◽

10.1109/eurosp.2016.24 ◽

2016 ◽

Cited By ~ 28

Author(s):

Xinyang Ge ◽

Nirupama Talele ◽

Mathias Payer ◽

Trent Jaeger

Keyword(s):

Control Flow ◽

Fine Grained ◽

Control Flow Integrity ◽

Kernel Software

Download Full-text

NSGA-II-Based Granularity-Adaptive Control-Flow Attestation

Security and Communication Networks ◽

10.1155/2021/2914192 ◽

2021 ◽

Vol 2021 ◽

pp. 1-16

Author(s):

Jing Zhan ◽

Yongzhen Li ◽

Yifan Liu ◽

Hongchao Li ◽

Shuai Zhang ◽

...

Keyword(s):

Adaptive Control ◽

Measurement Data ◽

Adaptive Strategy ◽

Control Flow ◽

Coarse Grained ◽

Embedded Devices ◽

Nsga Ii ◽

Performance Requirements ◽

Control Flow Integrity ◽

And Performance

Since the widespread adoption of edge computing and IoT technology, Control-Flow Hijacking (CFH) attacks targeting programs in resource-constrained embedded devices have become prevalent. While the Coarse-Grained Control-Flow integrity Attestation (CGCFA) lacks accuracy for the CFH attacks detection, the Fine-Grained Control-Flow integrity Attestation (FGCFA) detect the attacks more accurately but with high overheads, which can be a big burden (e.g., to industrial control system with strict performance requirements). In this paper, we propose a NSGA-II (Nondominated Sorting Genetic Algorithm-II) based Granularity-Adaptive Control-Flow Attestation (GACFA) for the programs in embedded devices. Specifically, we propose a Granularity-Adaptive Control-Flow representation model to reduce the complexity of programs’ control-flow graph and propose NSGA-II-based granularity-adaptive strategy generation algorithm to balance the security and performance requirements. Besides, runtime protection for the GACFA at the program end with SGX is proposed to protect the integrity and confidentiality of control-flow measurement data. The experiments show that our work can find out the best-so-far control-flow granularity with stability and provide secure program attestation for the verifier. In addition, the security/performance benefit of adopting our proposal over CGCFA is 13.7, 25.1, and 43.0 times that of adopting FGCFA over ours in different threat scenarios.

Download Full-text

Secure Multi-Subinterval Data Aggregation Scheme with Interval Privacy Preservation for Vehicle Sensing Systems

Journal of Circuits System and Computers ◽

10.1142/s0218126621502868 ◽

2021 ◽

pp. 2150286

Author(s):

Peng Hu ◽

Yongli Wang ◽

Ahmadreza Vajdi ◽

Bei Gong ◽

Yongjian Wang

Keyword(s):

Data Aggregation ◽

Privacy Preservation ◽

Homomorphic Encryption ◽

Security Analysis ◽

Security And Privacy ◽

Communication Overhead ◽

Network Resources ◽

Sensing Systems ◽

Aggregation Scheme ◽

And Performance

Road side units (RSUs) can act as fog nodes to perform data aggregation at the edge of network, which can reduce communication overhead and improve the utilization of network resources. However, because the RSU is public infrastructure, this feature may bring data security and privacy risks in data aggregation. In this paper, we propose a secure multi-subinterval data aggregation scheme, named SMDA, with interval privacy preservation for vehicle sensing systems. Specifically, our scheme combines the [Formula: see text] encoding theory and proxy re-encryption to protect interval privacy, this can ensure that the interval information is only known by the data center, and the RSU can classify the encrypted data without knowing the plaintext of the data and interval information. Meanwhile, our scheme employs the Paillier homomorphic encryption to accomplish data aggregation at the RSU, and the Identity-based batch authentication technology to solve authentication and data integrity. Finally, the security analysis and performance evaluations illustrate the safety and efficiency of our scheme.

Download Full-text