HCODE: Hardware-Enhanced Real-Time CFI

Abstract

Cyber-attacks are widely known to be a major threat on computing devices. Many attacks exploit a latent problem in the host program. This can be a misconfiguration or a real programming error (e.g., lack of user-provided input verification or untested corner cases). Once such a bug is identified, attack programs can be devised, which will for instance install a payload on the victim host. Many features have been developed to protect from these infection vectors. In this paper we present a simple hardware/software solution able to check good execution of one program by checking that each basic block is correctly executed and that the Control Flow Graph (CFG) is respected. We call this control-flow integrity (CFI). We are able to do so in real time without adding new opcodes in the processor, but by modifying slightly the executed code. Moreover, we also aim at verifying that the sequence of instructions is correctly executed within each basic block. In this respect, we implement a hardware module called HCODE, (short for Hashing CODE), into the processor which reads each instruction executed by the processor and computes some signature to check against a genuine copy of precomputed signatures.