Skip to main content
main-content
Top

About this book

There are three fundamental components in Control-Flow Integrity (CFI) enforcement. The first component is accurately recovering the policy (CFG). Usually, the more precise the policy is, the more security CFI improves, but precise CFG generation was considered hard without the support of source code. The second component is embedding the CFI policy securely. Current CFI enforcement usually inserts checks before indirect branches to consult a read-only table which stores the valid CFG information. However, this kind of read-only table can be overwritten by some kinds of attacks (e.g., the Rowhammer attack and data-oriented programming). The third component is to efficiently enforce the CFI policy. In current approaches CFI checks are always executed whenever there is an indirect control flow transfer. Therefore, it is critical to minimize the performance impact of CFI checks.
In this book, we propose novel solutions to handle these three fundamental components. To generate a precise CFI policy without the support of the source code, we systematically study two methods which recover CFI policy based on function signature matching at the binary level and propose our novel rule- and heuristic-based mechanism to more accurately recover function signature. To embed CFI policy securely, we design a novel platform which encodes the policy into the machine instructions directly without relying on consulting any read-only data structure, by making use of the idea of instruction-set randomization. Each basic block is encrypted with a key derived from the CFG. To efficiently enforce CFI policy, we make use of a mature dynamic code optimization platform called DynamoRIO to enforce the policy so that we are only required to do the CFI check when needed.

Table of Contents

Frontmatter

1. Introduction

Abstract
In this chapter, we first introduce concepts and implementations of Control-Flow Integrity [1], which is a fundamental approach to mitigating control-flow hijacking attacks, and then present practical issues of previous CFI systems and summarize how we address those problems.
Yan Lin

2. Literature Review

Abstract
C and C++ are perhaps the most important programming languages due to its high performance. However, these programs all suffer from memory corruption issues such as out-of-bound accesses or object use-after-free bugs.
Yan Lin

3. When Function Signature Recovery Meets Compiler Optimization

Abstract
Control-Flow Integrity (CFI) [1] is a promising technique in defending against control-flow hijacking attacks [25] by enforcing that runtime control flows follow valid paths in the program’s Control-Flow Graph (CFG).
Yan Lin

4. Control-Flow Carrying Code

Abstract
In the previous chapter, we introduce the approach to generate a more accurate CFG by making use of function signature matching, in this chapter, we will show how to implement the CFI policy securely.
Yan Lin

5. Control-Flow Integrity Enforcement with Dynamic Code Optimization

Abstract
Prior to the introduction of CFI in 2005, there have already been a lot of research on dynamic code optimization to improve performance of dynamic program interpreters. For example, Wiggins/Redstone [1], Dynamo [2], Mojo [3], and DynamoRIO [4].
Yan Lin

6. Conclusions

Abstract
This book makes contributions in recovering, embedding, and enforcing control-flow integrity policies.
Yan Lin
Additional information

Premium Partner

    Image Credits