BGCFI: Efficient Verification in Fine-Grained Control-Flow Integrity Based on Bipartite Graph

Park, Moon Chan; Lee, Dong Hoon

doi:10.1109/access.2023.3234184

Cited by 4 publications

(6 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Static analysis is a prevalent technique for constructing CFGs. This method involves a meticulous examination of the program, such as the source code and binary executable file [20][21][22]. Static analysis is often conducted during the program's compilation or preprocessing phase, ensuring that the CFG is established before execution.…”

Section: Phases Of Cfg-based Cfi Mechanismsmentioning

confidence: 99%

CFIEE: An Open-Source Critical Metadata Extraction Tool for RISC-V Hardware-Based CFI Schemes

Li,

Wang,

2024

Electronics

View full text Add to dashboard Cite

Control flow critical metadata play a key role in hardware-based control flow integrity (CFI) mechanisms that effectively monitor and secure program control flow based on pre-extracted metadata. The existing control flow analysis tools exhibit some deficiencies, including inadequate compatibility with the RISC-V architecture, a steep learning curve, limited automation capabilities, and restricted data output formats. CFIEE is an open-source tool with a graphical interface for the automated extraction of control flow critical metadata. The tool possesses the capability to analyze RISC-V binary executables, transforming the binary into an intermediate representation (IR) in the form of the disassembled code, and extracting the critical metadata required for studying hardware-based CFI mechanism through a designed control flow transfer relationship analysis algorithm. The extracted metadata include program basic blocks and their corresponding hash values, control flow graphs, function call relationships, distribution of forward transfer instructions, etc. We selected 15 embedded system programs with processor adaptation for functional verification. The results demonstrate the CFIEE’s capability to automatically analyze programs within the supported RISC-V instruction set and generate comprehensive and precise metadata files. This tool can significantly enhance the efficiency of control flow metadata extraction and furnish configurable metadata for the hardware-based security mechanisms.

show abstract

Section: Phases Of Cfg-based Cfi Mechanismsmentioning

confidence: 99%

CFIEE: An Open-Source Critical Metadata Extraction Tool for RISC-V Hardware-Based CFI Schemes

Li,

Wang,

2024

Electronics

View full text Add to dashboard Cite

show abstract

“…Control flow validation methods directly monitor the transfer paths and critical parameters between program basic blocks and halt execution upon verification failure. Some of these techniques involve constructing a control flow graph (CFG) for the program through source code or binary code analysis [ 17 , 21 ]. The CFG is then utilized as a reference model to monitor runtime control flow transfers.…”

Section: Related Workmentioning

confidence: 99%

“…The bipartite graph described the mapping relationships between all indirect branches and valid destination addresses. It was able to replace the verification of CFI with the edge presence problem in the bipartite graph when detecting whether the control flow transfer is legitimate [ 21 ].…”

Section: Related Workmentioning

confidence: 99%

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

An,

Wang,

et al. 2023

Micromachines

View full text Add to dashboard Cite

The growing prevalence of embedded systems in various applications has raised concerns about their vulnerability to malicious code reuse attacks. Current software-based and hardware-assisted security techniques struggle to detect or block these attacks with minor performance and implementation overhead. To address this issue, this paper presents a lightweight hardware-assisted scheme to enhance the security of embedded systems against code reuse attacks. We develop an on-chip lightweight hardware shadow stack to validate target addresses at runtime for backward-edge control flow integrity, which backs up valid return addresses during function calls and automatically verifies actual return addresses during the return phase. Additionally, we propose a lightweight stream cipher circuit that encrypts and decrypts critical stack data related to control flow manipulation, preventing attackers from analyzing or tampering with them. When designing and implementing the security mechanism for embedded systems, we fully consider the constraints of limited system resources and performance, optimizing both the architecture design and implementation of the proposed hardware. Finally, we integrate both the proposed lightweight hardware shadow stack and the runtime data encryption hardware into the OR1200 processor. We have verified the system security function on the Terasic DE1-SoC FPGA platform and evaluated the system performance as well as implementation overhead. The results show that the proposed lightweight hardware-assisted scheme can provide a dedicated defense capability against code reuse attacks for embedded systems, with an average system performance overhead of 0.39% and an area footprint of 0.316 mm2.

show abstract

“…Currently, CFI in a processor can be achieved in both Software [29], [30], [31], [32], [33], [34], [35] and hardware. BCI-CFI [34], an implementation of software-based finegrained CFI on the Linux kernel, exhibited an average execution overhead of 19.67%, with the peak overhead attaining 31.2% in test programs.…”

Section: B the Current State Of Defense Against Code Reuse Attacksmentioning

confidence: 99%

Hardware-Based Software Control Flow Integrity: Review on the State-of-the-Art Implementation Technology

Li,

Wang,

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Code reuse attacks (CRA) represent a type of control flow hijacking that attackers exploit to manipulate the standard program execution path, resulting in abnormal processor behaviors. In response to the security concern, proposals for Control Flow Integrity (CFI) verification have emerged. The CFI scheme diligently monitors program jumps during execution, effectively restraining abnormal program execution and robustly safeguarding against CRA. This paper provides a comprehensive analysis and synthesis of the current state of hardware-based CFI implementations. In this survey, we initially discuss common attack methods and variations of predominant CRA, elucidating the general procedural steps intrinsic to such attacks. We delve into the protective capacities inherent in contemporary hardware-based CFI implementations. By conducting a thorough examination and organization of diverse research endeavors on hardware-based CFI, we systematically classify CFI based on implementation methodologies, including label verification, instruction encryption, stack edge detection, instruction tracing, sensitive data isolation, and basic block validation. We provide comprehensive explanations and critical evaluations for each category followed by comparative analyses while offering personal insights on the evolution of hardware-based CFI.INDEX TERMS Code reuse attacks, Control Flow Integrity, Hardware-based CFI implementations.

show abstract

BGCFI: Efficient Verification in Fine-Grained Control-Flow Integrity Based on Bipartite Graph

Cited by 4 publications

References 36 publications

CFIEE: An Open-Source Critical Metadata Extraction Tool for RISC-V Hardware-Based CFI Schemes

CFIEE: An Open-Source Critical Metadata Extraction Tool for RISC-V Hardware-Based CFI Schemes

Securing Embedded System from Code Reuse Attacks: A Lightweight Scheme with Hardware Assistance

Hardware-Based Software Control Flow Integrity: Review on the State-of-the-Art Implementation Technology

Contact Info

Product

Resources

About