Control-flow integrity technology based on the combination of software and hardware
Balancing security and performance is difficult for shadow stacks, and forward CFI (control-flow integrity) schemes implemented purely in software are too expensive to be deployed in practice. A hybrid CFI scheme combining software and hardware, named SHCFI (control-flow integrity based on the combination of software and hardware), is proposed. The program is decompiled with a binary rewriter to generate an intermediate representation, in which the various types of control-transfer instructions are identified. To protect backward control flow, a novel parallel shadow stack scheme with encrypted return addresses is introduced: the return address on the stack is XOR-encrypted with a random number, and the encrypted result is stored in a shadow stack located at a fixed offset from the original stack. On function return, the address in the shadow stack is XOR-decrypted and the decrypted result is used as the actual return address. To protect forward control flow, the hardware ENDBRANCH state-machine instruction is used to mark the target addresses of indirect transfer instructions, and the legitimacy of these targets is checked at runtime, which reduces performance overhead. Experimental results show that programs protected with SHCFI effectively defend against code-reuse attacks while exhibiting favorable runtime overhead.
Main Authors: | LIANG Hao, HE Benwei, WANG Qingfeng, CHENG Guozhen, MA Hailong |
---|---|
Format: | Article |
Language: | English |
Published: | POSTS&TELECOM PRESS Co., LTD, 2024-10-01 |
Series: | 网络与信息安全学报 (Chinese Journal of Network and Information Security) |
ISSN: | 2096-109X |
Collection: | DOAJ |
Subjects: | software diversity; control-flow integrity; combination of software and hardware; code-reuse attack |
Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2024070 |