RAGuard: A Hardware Based Mechanism for Backward-Edge Control-Flow Integrity

Proceedings of the Computing Frontiers Conference Pub Date : 2017-05-15 DOI:10.1145/3075564.3075570

Jun Zhang, Rui Hou, Junfeng Fan, KeKe Liu, Lixin Zhang, S. Mckee

{"title":"RAGuard: A Hardware Based Mechanism for Backward-Edge Control-Flow Integrity","authors":"Jun Zhang, Rui Hou, Junfeng Fan, KeKe Liu, Lixin Zhang, S. Mckee","doi":"10.1145/3075564.3075570","DOIUrl":null,"url":null,"abstract":"Control-flow integrity (CFI) is considered as a general and promising method to prevent code-reuse attacks, which utilize benign code sequences to realize arbitrary computation. Current approaches can efficiently protect control-flow transfers caused by indirect jumps and function calls (forward-edge CFI). However, they cannot effectively protect control-flow caused by the function return (backward-edge CFI). The reason is that the set of return addresses of the functions that are frequently called can be very large, which might bend the backward-edge CFI. We address this backward-edge CFI problem by proposing a novel hardware-assisted mechanism (RAGuard) that binds a message authentication code to each return address and enhances security via a physical unclonable function and a hardware hash function. The message authentication codes can be stored on the program stack with return address. RAGuard hardware automatically verifies the integrity of return addresses. Our experiments show that for a subset of the SPEC CPU2006 benchmarks, RAGuard incurs 1.86% runtime overheads on average with no need for OS support.","PeriodicalId":398898,"journal":{"name":"Proceedings of the Computing Frontiers Conference","volume":"24 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2017-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the Computing Frontiers Conference","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3075564.3075570","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 15

Abstract

Control-flow integrity (CFI) is considered as a general and promising method to prevent code-reuse attacks, which utilize benign code sequences to realize arbitrary computation. Current approaches can efficiently protect control-flow transfers caused by indirect jumps and function calls (forward-edge CFI). However, they cannot effectively protect control-flow caused by the function return (backward-edge CFI). The reason is that the set of return addresses of the functions that are frequently called can be very large, which might bend the backward-edge CFI. We address this backward-edge CFI problem by proposing a novel hardware-assisted mechanism (RAGuard) that binds a message authentication code to each return address and enhances security via a physical unclonable function and a hardware hash function. The message authentication codes can be stored on the program stack with return address. RAGuard hardware automatically verifies the integrity of return addresses. Our experiments show that for a subset of the SPEC CPU2006 benchmarks, RAGuard incurs 1.86% runtime overheads on average with no need for OS support.

查看原文本刊更多论文

rguard:一种基于硬件的后边缘控制流完整性机制

控制流完整性(CFI)被认为是一种通用的、有前途的防止代码重用攻击的方法，它利用良性代码序列来实现任意计算。目前的方法可以有效地保护由间接跳转和函数调用引起的控制流转移(前沿CFI)。但是，它们不能有效地保护由函数返回(后缘CFI)引起的控制流。原因是经常调用的函数的返回地址集可能非常大，这可能会弯曲后边缘CFI。我们通过提出一种新的硬件辅助机制(RAGuard)来解决这个后端CFI问题，该机制将消息认证码绑定到每个返回地址，并通过物理不可克隆函数和硬件哈希函数增强安全性。消息身份验证码可以存储在带有返回地址的程序堆栈中。rguard硬件自动验证返回地址的完整性。我们的实验表明，对于SPEC CPU2006基准测试的一个子集，在不需要操作系统支持的情况下，RAGuard平均会产生1.86%的运行时开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings of the Computing Frontiers Conference

自引率

0.00%

发文量