Go With the FLOW: Fine-Grained Control-Flow Integrity for the Kernel

Anais do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2016) Pub Date : 2016-11-07 DOI:10.5753/sbseg.2016.19322

João Moreira, S. Rigo

引用次数: 4

Abstract

This paper describes FLOW: a fine-grained control-flow integrity (CFI) implementation that focuses on protecting the Linux kernel. By combining source-code and binary analysis, FLOW maps valid execution paths into a fine-grained control-flow graph, which is later used to instrument the kernel with label-based CFI checks that prevent control-flow hijacking attacks. FLOW induces an average overhead of 17% on system call latency and 5% on I/O throughput, while its impact on real-world applications is ≈ 1%.

查看原文本刊更多论文

随波逐流:内核的细粒度控制流完整性

本文描述了FLOW:一个细粒度的控制流完整性(CFI)实现，专注于保护Linux内核。通过结合源代码和二进制分析，FLOW将有效的执行路径映射到细粒度的控制流图中，该图稍后用于使用基于标签的CFI检查来检测内核，以防止控制流劫持攻击。FLOW在系统调用延迟上的平均开销为17%，在I/O吞吐量上的平均开销为5%，而它对实际应用程序的影响约为1%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Anais do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2016)

自引率

0.00%

发文量