Value-Based Constraint Control Flow Integrity

Cited 4 time in webofscience Cited 3 time in scopus
  • Hit : 601
  • Download : 294
Control flow integrity (CFI) is a generic technique that prevents a control flow hijacking attacks by verifying the legitimacy of indirect branches against a predefined set of targets. State-of-the-art CFI solutions focus on reducing the number of targets using the context of a program such as the path to the indirect branch and the origin of the code pointer. However, these solutions work with an impractical assumption that the attacker only compromises control data; non-control data such as condition data that can also be abused by attackers are not considered. To overcome these limitations, in this paper, we propose value-based constraint CFI (vCFI) to improve the effectiveness of CFI by retrieving and protecting all data that can potentially be manipulated for control flow hijacking. We first perform static analysis such as dependency, condition, and data analyses to derive all control flow-related data. Then, vCFI protects these data during runtime by instrumenting a program to be hardened. We implemented vCFI as a compiler extension and evaluated its performance using SPEC CPU2006. The performance degradation caused by adopting vCFI was reasonable, and the average overhead was 13.6 & x0025;.
Publisher
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
Issue Date
2020-03
Language
English
Article Type
Article
Citation

IEEE ACCESS, v.8, pp.50531 - 50542

ISSN
2169-3536
DOI
10.1109/ACCESS.2020.2980026
URI
http://hdl.handle.net/10203/274044
Appears in Collection
CS-Journal Papers(저널논문)
Files in This Item
ValueBased-Constraint-Control-Flow-Integrity202...(5.58 MB)Download
This item is cited by other documents in WoS
⊙ Detail Information in WoSⓡ Click to see webofscience_button
⊙ Cited 4 items in WoS Click to see citing articles in records_button

qr_code

  • mendeley

    citeulike


rss_1.0 rss_2.0 atom_1.0