Type of Publication: Article in Collected Edition

Towards a Policy-Agnostic Control-Flow Integrity Implementation

Author(s):

Sullivan, Dean; Arias, Orlando; Davi, Lucas; Sadeghi, Ahmad-Reza; Jin, Yier

Title of Anthology:

Proc. of Black Hat Europe

Publisher:

Association for Computing Machinery (ACM)

Publication Date:

2016

Digital Object Identifier (DOI):

doi:10.1145/2897937.2898098

Citation:

Download BibTeX

Abstract

Control-flow integrity (CFI) is a general defense against code-reuse exploits that currently constitute a severe threat against diverse computing platforms. Existing CFI solutions (both in software and hardware) suffer from shortcomings such as (i) inefficiency, (ii) security weaknesses, or (iii) are not scalable. In this paper, we present a generic hardware-enhanced CFI scheme that tackles these problems and allows to enforce diverse CFI policies. Our approach fully supports multi-tasking, shared libraries, prevents various forms of code-reuse attacks, and allows CFI protected code and legacy code to co-exist. We evaluate our implementation on SPARC LEON3 and demonstrate its high efficiency.