Control-flow carrying code

Author

Yan LIN, Singapore Management UniversityFollow
Debin GAO, Singapore Management UniversityFollow

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

7-2019

Abstract

Control-Flow Integrity (CFI) is an effective approach in mitigating control-flow hijacking attacks including code-reuse attacks. Most conventional CFI techniques use memory page protection mechanism, Data Execution Prevention (DEP), as an underlying basis. For instance, CFI defenses use read-only address tables to avoid metadata corruption. However, this assumption has shown to be invalid with advanced attacking techniques, such as Data-Oriented Programming, data race, and Rowhammer attacks. In addition, there are scenarios in which DEP is unavailable, e.g., bare-metal systems and applications with dynamically generated code. We present the design and implementation of Control-Flow Carrying Code (C3), a new CFI enforcement without depending on DEP, which makes the CFI policies embedded safe from being overwritten by attackers. C3 embeds the Control-Flow Graph (CFG) and its enforcement into instructions of the program by encrypting each basic block with a key derived from the CFG. The "proof-carrying" code ensures that only valid control flow transfers can decrypt the corresponding instruction sequences, and that any unintended control flow transfers or overwritten code segment would cause program crash with high probability due to the wrong decryption key and the corresponding random code bytes obtained. We implement C3 on top of an instrumentation platform and apply it to many popular programs. Our security evaluation shows that C3 is capable of enforcing strong CFI policies and is able to defend against most control-flow hijacking attacks while suffering from moderate runtime overhead.

Keywords

Control-flow hijacking, Control-flow integrity, Instruction-set randomization, Secret sharing

Discipline

Information Security

Research Areas

Cybersecurity

Publication

AsiaCCS '19: Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security, Auckland, July 9-12

First Page

3

Last Page

14

ISBN

9781450367523

Identifier

10.1145/3321705.3329815

Publisher

ACM

City or Country

New York

Citation

LIN, Yan and GAO, Debin. Control-flow carrying code. (2019). AsiaCCS '19: Proceedings of the 14th ACM ASIA Conference on Computer and Communications Security, Auckland, July 9-12. 3-14.
Available at: https://ink.library.smu.edu.sg/sis_research/4685

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3321705.3329815