Practical Control Flow Integrity using Multi-Variant execution

Abstract

The popularity of computers and networks brings many conveniences to our daily life but also brings a variety of security threats. The proliferation of attacks and the rapid spread of viruses make security researchers gradually shift their perspective from passive defense to active defense. Among many active defenses, the technique of software multi-variant execution (MVX) framework has been widely concerned. It can detect and defend most known or even 0-day attacks without depending on the feature of specific threats. However, there is a big performance bottleneck in this technique. Control flow integrity (CFI) is another ideal security solution, but it is not widely used in practice because of performance loss and compatibility problems. In this paper, we propose a multi-variant execution framework called MVX-CFI. MVX-CFI improves execution efficiency without losing its original security. MVX-CFI is a dynamic and transparent CFI implementation based on the MVX framework. It can effectively capture the control flow of the target software and find illegal path transfer caused by malicious acts such as attacks. MVX-CFI extends the general MVX with a feedback assisted-detection module, which reduces a lot of repetitive voting work of traditional MVX and improves the performance. It also provides a probability to detect preset back door in a software.