Strategy Without Tactics: Policy-Agnostic Hardware-Enhanced Control-Flow Integrity

Creator

Dean Sullivan, University of Central Florida
Orlando Arias, University of Central Florida
Lucas Davi, Technische Universität Darmstadt
Per Larsen, University of California, Irvine
Ahmad Reza Sadeghi, Technische Universität Darmstadt

Abstract

Control-flow integrity (CFI) is a general defense against code-reuse exploits that currently constitute a severe threat against diverse computing platforms. Existing CFI solutions (both in software and hardware) suffer from shortcomings such as (i) inefficiency, (ii) security weaknesses, or (iii) are not scalable. In this paper, we present a generic hardware-enhanced CFI scheme that tackles these problems and allows to enforce diverse CFI policies. Our approach fully supports multi-tasking, shared libraries, prevents various forms of code-reuse attacks, and allows CFI protected code and legacy code to co-exist. We evaluate our implementation on SPARC LEON3 and demonstrate its high efficiency.

Publication Date

6-5-2016

Publication Title

Proceedings - Design Automation Conference

Volume

05-09-June-2016

Document Type

Article; Proceedings Paper

Personal Identifier

scopus

DOI Link

https://doi.org/10.1145/2897937.2898098

Copyright Status

Unknown

Socpus ID

84977156835 (Scopus)

Source API URL

https://api.elsevier.com/content/abstract/scopus_id/84977156835

STARS Citation

Sullivan, Dean; Arias, Orlando; Davi, Lucas; Larsen, Per; and Sadeghi, Ahmad Reza, "Strategy Without Tactics: Policy-Agnostic Hardware-Enhanced Control-Flow Integrity" (2016). Scopus Export 2015-2019. 4061.
https://stars.library.ucf.edu/scopus2015/4061