Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

9-2016

Abstract

Control Flow Integrity (CFI) is an attractive security property with which most injected and code reuse attacks can be defeated, including advanced attacking techniques like Return-Oriented Programming (ROP). However, comprehensive enforcement of CFI is expensive due to additional supports needed (e.g., compiler support and presence of relocation or debug information) and performance overhead. Recent research has been trying to strike the balance among reasonable approximation of the CFI properties, minimal additional supports needed, and acceptable performance. We investigate existing dynamic code optimization techniques and find that they provide an architecture on which CFI can be enforced effectively and efficiently. In this paper, we propose and implement DynCFI that enforces security policies on a well established dynamic optimizer and show that it provides comparable CFI properties with existing CFI implementations while lowering the overall performance overhead from 28.6 % to 14.8 %. We further perform comprehensive evaluations and shed light on the exact amount of savings contributed by the various components of the dynamic optimizer including basic block cache, trace cache, branch prediction, and indirect branch lookup.

Keywords

Control Flow Integrity, Return-oriented programming, Dynamic code optimization

Discipline

Computer Sciences | Databases and Information Systems | Theory and Algorithms

Research Areas

Data Science and Engineering

Publication

Information Security: 19th International Conference, ISC 2016, Honolulu, HI, September 3-6, 2016: Proceedings

Volume

9866

First Page

366

Last Page

385

ISBN

9783319458717

Identifier

10.1007/978-3-319-45871-7_22

Publisher

Springer

City or Country

Cham

Additional URL

https://ddoi.org/10.1007/978-3-319-45871-7_22

Download

Share

COinS