随波逐流:内核的细粒度控制流完整性

Anais do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2016) Pub Date : 2016-11-07 DOI:10.5753/sbseg.2016.19322

João Moreira, S. Rigo

{"title":"随波逐流:内核的细粒度控制流完整性","authors":"João Moreira, S. Rigo","doi":"10.5753/sbseg.2016.19322","DOIUrl":null,"url":null,"abstract":"This paper describes FLOW: a fine-grained control-flow integrity (CFI) implementation that focuses on protecting the Linux kernel. By combining source-code and binary analysis, FLOW maps valid execution paths into a fine-grained control-flow graph, which is later used to instrument the kernel with label-based CFI checks that prevent control-flow hijacking attacks. FLOW induces an average overhead of 17% on system call latency and 5% on I/O throughput, while its impact on real-world applications is ≈ 1%.","PeriodicalId":337903,"journal":{"name":"Anais do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2016)","volume":"499 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-11-07","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":"{\"title\":\"Go With the FLOW: Fine-Grained Control-Flow Integrity for the Kernel\",\"authors\":\"João Moreira, S. Rigo\",\"doi\":\"10.5753/sbseg.2016.19322\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"This paper describes FLOW: a fine-grained control-flow integrity (CFI) implementation that focuses on protecting the Linux kernel. By combining source-code and binary analysis, FLOW maps valid execution paths into a fine-grained control-flow graph, which is later used to instrument the kernel with label-based CFI checks that prevent control-flow hijacking attacks. FLOW induces an average overhead of 17% on system call latency and 5% on I/O throughput, while its impact on real-world applications is ≈ 1%.\",\"PeriodicalId\":337903,\"journal\":{\"name\":\"Anais do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2016)\",\"volume\":\"499 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-11-07\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"4\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Anais do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2016)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5753/sbseg.2016.19322\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Anais do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2016)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5753/sbseg.2016.19322","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

摘要

本文描述了FLOW:一个细粒度的控制流完整性(CFI)实现，专注于保护Linux内核。通过结合源代码和二进制分析，FLOW将有效的执行路径映射到细粒度的控制流图中，该图稍后用于使用基于标签的CFI检查来检测内核，以防止控制流劫持攻击。FLOW在系统调用延迟上的平均开销为17%，在I/O吞吐量上的平均开销为5%，而它对实际应用程序的影响约为1%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Go With the FLOW: Fine-Grained Control-Flow Integrity for the Kernel

This paper describes FLOW: a fine-grained control-flow integrity (CFI) implementation that focuses on protecting the Linux kernel. By combining source-code and binary analysis, FLOW maps valid execution paths into a fine-grained control-flow graph, which is later used to instrument the kernel with label-based CFI checks that prevent control-flow hijacking attacks. FLOW induces an average overhead of 17% on system call latency and 5% on I/O throughput, while its impact on real-world applications is ≈ 1%.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Anais do XVI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2016)

自引率

0.00%

发文量