Publication Type
Conference Proceeding Article
Version
publishedVersion
Publication Date
7-2019
Abstract
Control-Flow Integrity (CFI) is an effective approach in mitigating control-flow hijacking attacks including code-reuse attacks. Most conventional CFI techniques use memory page protection mechanism, Data Execution Prevention (DEP), as an underlying basis. For instance, CFI defenses use read-only address tables to avoid metadata corruption. However, this assumption has shown to be invalid with advanced attacking techniques, such as Data-Oriented Programming, data race, and Rowhammer attacks. In addition, there are scenarios in which DEP is unavailable, e.g., bare-metal systems and applications with dynamically generated code. We present the design and implementation of Control-Flow Carrying Code (C3), a new CFI enforcement without depending on DEP, which makes the CFI policies embedded safe from being overwritten by attackers. C3 embeds the Control-Flow Graph (CFG) and its enforcement into instructions of the program by encrypting each basic block with a key derived from the CFG. The "proof-carrying" code ensures that only valid control flow transfers can decrypt the corresponding instruction sequences, and that any unintended control flow transfers or overwritten code segment would cause program crash with high probability due to the wrong decryption key and the corresponding random code bytes obtained. We implement C3 on top of an instrumentation platform and apply it to many popular programs. Our security evaluation shows that C3 is capable of enforcing strong CFI policies and is able to defend against most control-flow hijacking attacks while suffering from moderate runtime overhead.
Keywords
Control-flow hijacking, Control-flow integrity, Instruction-set randomization, Secret sharing
Discipline
Information Security
Research Areas
Cybersecurity
Publication
AsiaCCS '19: Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security, Auckland, July 9-12
First Page
3
Last Page
14
ISBN
9781450367523
Identifier
10.1145/3321705.3329815
Publisher
ACM
City or Country
New York
Citation
LIN, Yan and GAO, Debin.
Control-flow carrying code. (2019). AsiaCCS '19: Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security, Auckland, July 9-12. 3-14.
Available at: https://ink.library.smu.edu.sg/sis_research/4685
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1145/3321705.3329815