Effective Control Flow Integrity Checks for Intrusion Detection

Abstract

Ensuring run time Control Flow Integrity (CFI) has proven to be a good way to detect and prevent intrusions which result from exploitation of unknown vulnerabilities in the software. Attackers need to change the control flow and/or the code text of the victim application to achieve their malicious intent. However, existing techniques for monitoring run time CFI have been impractical due to their large software and hardware costs. In this paper, we describe a practical hardware based approach at a fine granularity to ensure integrity of code and the control flow of an executing application. We utilize the low power benefits and randomness of a stream cipher based hash, combined with the efficient hardware based monitoring, to provide a practical and functional defense against intrusion attacks.