Control-Flow Integrity Principles, Implementations, and Applications


Presentation Transcript

1. Control-Flow Integrity Principles, Implementations, and Applications Martin Abadi (University of California Santa Cruz), Mihai Budiu, Ulfar Erlingsson (Microsoft Research Silicon Valley), Jay Ligatti (Princeton University) ACM CCS 2005

2. Contents
  • Introduction: Problem & Solution
  • Enforcement: CFI Instrumentation Code, Assumptions, Phases of Inlined CFI Enforcement
  • A Practical CFI Implementation: The Implementation, Measurements
  • Conclusion

3. Introduction: Problem
  • Many current attacks use exploits to subvert machine-code execution: buffer overflow attacks, jump-to-libc attacks, pointer subterfuge attacks
  • The vulnerability mitigations deployed thus far can be circumvented by attackers: stack canaries, runtime elimination of buffer overflows, randomization and artificial heterogeneity, tainting of suspect data

4. Introduction: Solution
  • Control-Flow Integrity (CFI): the execution of a program dynamically follows only certain paths, in accordance with a static policy (a Control-Flow Graph)
  • Enforced by dynamic checks inserted through machine-code rewriting
  • The Control-Flow Graph (CFG) is defined by analysis ahead of time: source code analysis, binary analysis, or execution profiling
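The CFG is the policy, but the inlined check at each indirect transfer site compares against a single ID, so the rewriter has to collapse the CFG into equivalence classes of destinations: every destination a site may reach must carry the site's ID, and any site sharing a destination with it inherits the same ID. The example below, added here and not code from the paper, computes those classes with union-find over a constructed CFG (site and destination names are made up) and counts the transfers that the ID check admits but the CFG never contained, which is the precision the basic scheme gives up.

```c
#include <stdio.h>

/* Added example, not the paper's code. Constructed CFG: NSRC indirect
 * transfer sites, NDST destinations; cfg[s][d] == 1 means site s may
 * legitimately reach destination d. */
#define NSRC 4
#define NDST 5

static const int cfg[NSRC][NDST] = {
    /* S0 */ {1, 1, 0, 0, 0},
    /* S1 */ {0, 1, 1, 0, 0},
    /* S2 */ {0, 0, 0, 1, 0},
    /* S3 */ {0, 0, 0, 1, 1},
};

/* Union-find over destinations (path halving). */
static int parent[NDST];

static int find_root(int x) {
    while (parent[x] != x) {
        parent[x] = parent[parent[x]];
        x = parent[x];
    }
    return x;
}

static void unite(int a, int b) {
    a = find_root(a);
    b = find_root(b);
    if (a != b) parent[a] = b;
}

/* Assigns one ID (0..k-1) per equivalence class. All destinations of a
 * site are merged because the site performs a single cmp against one ID;
 * merging transitively across sites gives the classes. Returns k. */
int assign_ids(int id_of[NDST]) {
    int root_id[NDST];
    int k = 0;

    for (int d = 0; d < NDST; d++) { parent[d] = d; root_id[d] = -1; }
    for (int s = 0; s < NSRC; s++) {
        int first = -1;
        for (int d = 0; d < NDST; d++) {
            if (!cfg[s][d]) continue;
            if (first < 0) first = d; else unite(first, d);
        }
    }
    for (int d = 0; d < NDST; d++) {
        int r = find_root(d);
        if (root_id[r] < 0) root_id[r] = k++;
        id_of[d] = root_id[r];
    }
    return k;
}

/* Counts (site, destination) pairs that pass the ID check although the
 * CFG does not contain the edge: the over-approximation an attacker
 * could still use. */
int extra_transfers(void) {
    int id_of[NDST];
    int extra = 0;

    assign_ids(id_of);
    for (int s = 0; s < NSRC; s++) {
        int site_id = -1;
        for (int d = 0; d < NDST; d++)
            if (cfg[s][d]) { site_id = id_of[d]; break; }
        for (int d = 0; d < NDST; d++)
            if (!cfg[s][d] && id_of[d] == site_id) extra++;
    }
    return extra;
}

int main(void) {
    int id_of[NDST];
    int k = assign_ids(id_of);

    printf("%d distinct IDs\n", k);
    for (int d = 0; d < NDST; d++) printf("D%d -> ID %d\n", d, id_of[d]);
    printf("transfers admitted by ID checks but absent from the CFG: %d\n",
           extra_transfers());
    return 0;
}
```

Here S0 and S1 share D1, so D0, D1 and D2 end up in one class, and S2 and S3 share D3, so D3 and D4 form the other; three edges the CFG never had (S0 to D2, S1 to D0, S2 to D4) become reachable. A practitioner evaluating a CFI deployment should compute this number for the real CFG, since it bounds how much freedom the instrumented binary still leaves an attacker.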

5. Enforcement: Example CFG (figure only; not reproduced in the transcript)

6. Enforcement: CFI Instrumentation Code
  • ID: a 32-bit value (written in hexadecimal) that labels a valid destination
  • ID-check: a cmp against the ID at the destination, followed by a jne to an error handler
  • prefetchnta: a side-effect-free x86 prefetch instruction, used to embed the ID in the code stream at the destination

7. Enforcement: CFI Instrumentation Code, Function Call & Return (figure only; not reproduced in the transcript)

8. Enforcement: Assumptions
  • Unique IDs (UNQ): the ID bit patterns must not appear anywhere in the code except in IDs and ID-checks
  • Non-Writable Code (NWC): the program cannot modify code memory at runtime; otherwise the ID-checks can be circumvented
  • Non-Executable Data (NXD): the program cannot execute data as if it were code; otherwise the attacker can execute data that he has labeled with the expected ID

9. Enforcement: Phases of Inlined CFI Enforcement
  • Construct the CFG, using standard control-flow analysis techniques
  • CFI instrumentation: insert IDs and ID-checks, and establish the UNQ assumption; whenever software is installed or modified, the IDs can be updated to keep them unique
  • CFI verification, when a program is loaded into memory and assembled from components and libraries, validates that direct jumps and similar instructions target only the CFG, that IDs and ID-checks were inserted properly, and that the UNQ property holds
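The three phases fit together as follows. This is an added example, not the paper's code (the paper's rewriter instruments real x86 binaries through Vulcan): it models a code image as a byte array in which each valid indirect-call destination begins with prefetchnta [ID], the encoding the paper uses (3E 0F 18 05 followed by the little-endian ID), performs the cmp/jne check that instrumentation inlines at the call site, and runs the verification step that enforces UNQ. The images, function offsets, the ID value and the "execution" stand-in are all constructed for illustration. The second image shows why UNQ is load-bearing: the check reads only the immediate at destination+4, so an ID that happens to appear as an instruction operand turns an unlabelled helper into a valid-looking target.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the paper. Images, offsets and the ID
 * value are constructed for illustration. */

#define ID_HANDLER 0x12345677u   /* one 32-bit ID shared by all handlers */

/* Offsets of three "functions" in the constructed images below. */
enum { OFF_DOUBLE = 0x00, OFF_NEGATE = 0x0B, OFF_HELPER = 0x16 };

/* A labelled destination starts with  prefetchnta [ID], encoded as
 * 3E 0F 18 05 <ID little-endian>. The CPU treats it as a no-op, so the
 * label is free at run time. Function bodies here are nop/nop/ret. */
static const uint8_t code_ok[] = {
    /* 0x00 h_double, labelled */ 0x3E,0x0F,0x18,0x05, 0x77,0x56,0x34,0x12, 0x90,0x90,0xC3,
    /* 0x0B h_negate, labelled */ 0x3E,0x0F,0x18,0x05, 0x77,0x56,0x34,0x12, 0x90,0x90,0xC3,
    /* 0x16 helper: never an indirect target in the CFG, so unlabelled */
                                  0x90,0x90,0x90,0x90,0x90,0x90,0x90,0xC3,
};

/* Same layout, but the helper now contains  mov eax, ID  (B8 imm32).
 * The ID bit pattern therefore occurs outside a label: UNQ is violated. */
static const uint8_t code_bad[] = {
    0x3E,0x0F,0x18,0x05, 0x77,0x56,0x34,0x12, 0x90,0x90,0xC3,
    0x3E,0x0F,0x18,0x05, 0x77,0x56,0x34,0x12, 0x90,0x90,0xC3,
    0x90,0x90,0x90, 0xB8, 0x77,0x56,0x34,0x12, 0xC3,
};

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* The check inlined before an indirect  call ecx:
 *     cmp dword ptr [ecx+4], ID
 *     jne cfi_error
 * Only the immediate at dst+4 is compared; the opcode bytes in front of
 * it are never examined. UNQ is what makes that sufficient. */
static int cfi_check(const uint8_t *img, size_t len, uint32_t dst, uint32_t id) {
    if ((size_t)dst + 8 > len) return 0;        /* label would run off the image */
    return read_le32(img + dst + 4) == id;
}

/* Stand-in for executing the bytes at dst (the image is not really run). */
static int run_at(uint32_t dst, int arg) {
    switch (dst) {
    case OFF_DOUBLE: return 2 * arg;
    case OFF_NEGATE: return -arg;
    case OFF_HELPER: return 0xBAD;   /* reached only if CFI is defeated */
    default:         return 0xDEAD;  /* mid-instruction or out of range */
    }
}

/* An instrumented indirect call site; fn_ptr is attacker-influenced data
 * (for example an overwritten function pointer). */
static int dispatch(const uint8_t *img, size_t len, uint32_t fn_ptr,
                    int arg, int *violation) {
    if (!cfi_check(img, len, fn_ptr, ID_HANDLER)) { *violation = 1; return -1; }
    *violation = 0;
    return run_at(fn_ptr, arg);
}

/* Load-time verification of UNQ: every occurrence of the ID bit pattern,
 * at any byte offset, must be the immediate of a prefetchnta label.
 * Returns the number of stray occurrences (0 means UNQ holds). */
static int unq_violations(const uint8_t *img, size_t len, uint32_t id) {
    static const uint8_t label_opcode[4] = { 0x3E, 0x0F, 0x18, 0x05 };
    int stray = 0;
    for (size_t i = 0; i + 4 <= len; i++) {
        if (read_le32(img + i) != id) continue;
        if (i < 4 || memcmp(img + i - 4, label_opcode, 4) != 0) stray++;
    }
    return stray;
}

int main(void) {
    int v, r;
    r = dispatch(code_ok, sizeof code_ok, OFF_DOUBLE, 21, &v);
    printf("call h_double:        result=%d violation=%d\n", r, v);
    r = dispatch(code_ok, sizeof code_ok, OFF_HELPER, 21, &v);
    printf("hijack to helper:     result=%d violation=%d\n", r, v);
    printf("UNQ strays: good image=%d, bad image=%d\n",
           unq_violations(code_ok, sizeof code_ok, ID_HANDLER),
           unq_violations(code_bad, sizeof code_bad, ID_HANDLER));
    r = dispatch(code_bad, sizeof code_bad, OFF_HELPER, 21, &v);
    printf("hijack on bad image:  result=%#x violation=%d\n", r, v);
    return 0;
}
```

On the good image the hijacked pointer is stopped at the call site; on the bad image the same pointer passes the check because the verifier was skipped, and unq_violations is what would have rejected that image at load time. The same check guards returns in the paper's scheme, with the label placed after the call instruction and the ret replaced by a pop, the cmp/jne, and an indirect jmp. Note also what the model does not cover: NWC and NXD are assumed, so a writable code page or executable data would let the attacker supply his own label.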

10. A Practical CFI Implementation: The Implementation
  • Inlined CFI enforcement implemented for Windows on the x86 architecture
  • Uses Vulcan to build the CFG of the program being instrumented

11. A Practical CFI Implementation: Measurements
  • Windows XP SP2 in "Safe Mode", Pentium 4 x86 processor at 1.8 GHz with 512 MB of RAM, SPEC2000 benchmarks
  • CFG construction plus CFI instrumentation took about 10 seconds
  • Binary size increased by 8% on average
  • Benchmarks took 16% longer to execute on average

12. Conclusion
  • At the machine-code level, relatively little effort has been spent on guaranteeing that control actually flows as expected
  • Inlined CFI enforcement is compatible with most existing software, has low performance overhead, is simple, verifiable, and amenable to formal analysis, and gives strong guarantees even in the presence of a powerful adversary
