{"title":"Control Flow Integrity Based on Controlled Channel","authors":"Radu Mantu, Dan Sporici, Mihai Chiroiu","doi":"10.1109/CSCS.2019.00053","DOIUrl":null,"url":null,"abstract":"By ensuring the Control Flow Integrity (CFI) of a program, one can successfully verify that each performed action is indeed part of a correct execution flow thus preventing unwanted behaviour caused by malicious inputs. Validating the Control Flow Graph (CFG) is usually done by instrumenting the code and enforcing a set of conditions which imply overhead and compiler support. In this paper, we investigate an alternative approach, based on controlled-channel: by invalidating certain pages and monitoring the Page Faults, we generate a CFG of faulting instructions which we use to detect unusual execution flows (e.g. buffer overflows, ROP) and discuss methods to estimate and mitigate the induced overhead. Using the page invalidation selection algorithms that we propose, we obtain an approximate slowdown factor of 3.43. This can be further reduced by doing a manual analysis of the involved binaries and sacrificing accuracy for speed.","PeriodicalId":352411,"journal":{"name":"2019 22nd International Conference on Control Systems and Computer Science (CSCS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 22nd International Conference on Control Systems and Computer Science (CSCS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CSCS.2019.00053","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Control Flow Integrity Based on Controlled Channel
By ensuring the Control Flow Integrity (CFI) of a program, one can successfully verify that each performed action is indeed part of a correct execution flow thus preventing unwanted behaviour caused by malicious inputs. Validating the Control Flow Graph (CFG) is usually done by instrumenting the code and enforcing a set of conditions which imply overhead and compiler support. In this paper, we investigate an alternative approach, based on controlled-channel: by invalidating certain pages and monitoring the Page Faults, we generate a CFG of faulting instructions which we use to detect unusual execution flows (e.g. buffer overflows, ROP) and discuss methods to estimate and mitigate the induced overhead. Using the page invalidation selection algorithms that we propose, we obtain an approximate slowdown factor of 3.43. This can be further reduced by doing a manual analysis of the involved binaries and sacrificing accuracy for speed.