Hardware-Based Software Control Flow Integrity: Review on the State-of-the-Art Implementation Technology

Li, Senyang; Wang, Weike; Li, Wenxin; Zhang, Dexue

doi:10.1109/access.2023.3337043

Cited by 1 publication

(1 citation statement)

References 92 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Runtime Control Flow Verification: The second phase of the CFI mechanism, which takes place during runtime when the program is being executed, plays a crucial role in ensuring the security and integrity of the running program. During this phase, the CFI mechanism continuously monitors the control flow transfers within the running program [26]. By continuously monitoring these control flow transfers, the CFI mechanism aims to verify whether they adhere to the predetermined Control Flow Graph (CFG) constructed in the first phase [27].…”

Section: Phases Of Cfg-based Cfi Mechanismsmentioning

confidence: 99%

CFIEE: An Open-Source Critical Metadata Extraction Tool for RISC-V Hardware-Based CFI Schemes

Li,

Wang,

2024

Electronics

Self Cite

View full text Add to dashboard Cite

Control flow critical metadata play a key role in hardware-based control flow integrity (CFI) mechanisms that effectively monitor and secure program control flow based on pre-extracted metadata. The existing control flow analysis tools exhibit some deficiencies, including inadequate compatibility with the RISC-V architecture, a steep learning curve, limited automation capabilities, and restricted data output formats. CFIEE is an open-source tool with a graphical interface for the automated extraction of control flow critical metadata. The tool possesses the capability to analyze RISC-V binary executables, transforming the binary into an intermediate representation (IR) in the form of the disassembled code, and extracting the critical metadata required for studying hardware-based CFI mechanism through a designed control flow transfer relationship analysis algorithm. The extracted metadata include program basic blocks and their corresponding hash values, control flow graphs, function call relationships, distribution of forward transfer instructions, etc. We selected 15 embedded system programs with processor adaptation for functional verification. The results demonstrate the CFIEE’s capability to automatically analyze programs within the supported RISC-V instruction set and generate comprehensive and precise metadata files. This tool can significantly enhance the efficiency of control flow metadata extraction and furnish configurable metadata for the hardware-based security mechanisms.

show abstract

Section: Phases Of Cfg-based Cfi Mechanismsmentioning

confidence: 99%