Random CFI (RCFI): Efficient Fine-Grained Control-Flow Integrity Through Random Verification

Park, Moon Chan; Lee, Dong Hoon

doi:10.1109/tc.2020.2995838

Cited by 6 publications

(9 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For defense against architectural and system design flaws various protection techniques such as usage of trusted execution environments for local [53], remote [54] and IoT systems [55], cache side-channel mitigation techniques such as runtime detection [56] and concurrent randomization of processor frequency and prefetcher operation [57], memory protection techniques such as Combined Tag and Data Parity (CTDP) schemes [58] and control flow integrity verification techniques such as selective and random verification [59] can be used.…”

Section: B) Architectural and System Threat Countermeasuresmentioning

confidence: 99%

Hardware Security and Trust: Trends, Challenges, and Design Tools

Siriwardana

2024

IRJIET

View full text Add to dashboard Cite

Hardware security in the cyber security domain had become a more of a controversial topic over the past decade due to the introduction of new design technologies in semiconductors and expansion of global supplier chains. In proportion to the technological advancement of hardware production, the success rate of the existing hardware attacks had also evolved over the time with a significantly high rate of emergence of new attacking techniques and methods. Computing hardware is becoming a more and more attractive attack surface due to several reasons. The technology of analyzing the hardware components is becoming more and more affordable and accessible to the general public than before. Also due to the influx of IoT devices in the market, trend of simplifying the design structure to decrease the power consumption and maximizing the processing speed has become the theme of modern hardware implementations rather than the security of the devices. When considering the market demand and user requirements, it is more obvious for the computer manufacturers to give priority to user requirements rather than stressing more on the security aspects of their designs and devices. But there could be some catastrophic outcomes if the security aspects of these hardware tends to fail in a critical infrastructure, because these semiconductors are used in devices ranging from simple IoT devices to more complex systems like SCADA systems. Therefore, it is always a better approach to find a balance ground between the user requirement as well as the security of the hardware, without compromising either of both in the design and development. In this article, it presents an overall insight to trends in Hardware Security domain, specifically related to modern computer hardware design and manufacturing processes, distribution, usage, their disposal and recycling. These various stages are analyzed under Three main objectives of exposing the threats to computer hardware, suggesting countermeasures to minimize or eliminate those threats and discussing about the utilization of various design tools that can assist in the way to securing these computer hardware systems in their day-to-day applications.

show abstract

Section: B) Architectural and System Threat Countermeasuresmentioning

confidence: 99%

Hardware Security and Trust: Trends, Challenges, and Design Tools

Siriwardana

2024

IRJIET

View full text Add to dashboard Cite

show abstract

“…[10] [11] [12] [13] [14] [15] [16] have demonstrated the ability to defeat various types of control-flow hijacking, because the control-flows in the attacks are not specified in the CFG, even while considering the powerful attacker model in which an attacker can read all memory and manipulate all writable memory. Hence, since its inception [1], CFI techniques have been steadily studied as a principle solution against controlflow hijacking, such as return-oriented programming (ROP) [17] and its variants [18] [19] [20].…”

Section: ] [2] [3] [4] [5] [6] [7] [8] [9]mentioning

confidence: 99%

“…Random CFI (RCFI) [13] works on the top of a base CFI scheme to boost performance of the base scheme without significant security loss. It means the following two things: (1) RCFI can make more synergy with performance-efficient base schemes than not, and (2) RCFI cannot solve the other limitations of the base scheme such as memory overhead.…”

Section: Limitations Of Optimization Strategies In Existing Schemesmentioning

confidence: 99%

BGCFI: Efficient Verification in Fine-Grained Control-Flow Integrity Based on Bipartite Graph

Park

Lee

2023

IEEE Access

View full text Add to dashboard Cite

Control-flow integrity (CFI) is considered a principled mitigation against control-flow hijacking even under the most powerful attacker who can arbitrarily write and read memory. However, existing schemes still demonstrated limitations in either guaranteeing high security level or achieving low performance and memory overhead. These limitations have restricted the application of CFI in real software.To improve its applicability similar to mandatory protection schemes such as DEP and ASLR, it is essential to improve both high security guarantee and low overhead. In this paper, we propose "BGCFI", which is a fine-grained CFI based on a Bipartite Graph. The relationship between an indirect branch and a valid target address at the branch is represented by an edge in the bipartite graph. The verification of the indirect branch is achieved by checking the existence of the corresponding edge in the bipartite graph. The verification method for fine-grained CFI results in more efficiency on both computational and memory overhead, while completely preserving high security guarantee. We demonstrate our results through the implementation of a proof-of-concept module and evaluation on the SPEC CPU 2017 suite and the Firefox browser.INDEX TERMS Control-flow hijacking, control-data attack, control-flow integrity (CFI).

show abstract

“…In response to the challenges arising from software-based CFI, researchers have introduced hardware-based CFI techniques [35], [36], [37], [38], [39], [40], [41], [42], [43], [44], [45], [46] In terms of hardware, security experts design hardware circuits for processors or integrate additional storage capacity and instruction set extensions to implement CFI. Hardware-based CFI significantly reduces processor execution overhead.…”

Section: B the Current State Of Defense Against Code Reuse Attacksmentioning

confidence: 99%

Hardware-Based Software Control Flow Integrity: Review on the State-of-the-Art Implementation Technology

Li,

Wang,

et al. 2023

IEEE Access

View full text Add to dashboard Cite

Code reuse attacks (CRA) represent a type of control flow hijacking that attackers exploit to manipulate the standard program execution path, resulting in abnormal processor behaviors. In response to the security concern, proposals for Control Flow Integrity (CFI) verification have emerged. The CFI scheme diligently monitors program jumps during execution, effectively restraining abnormal program execution and robustly safeguarding against CRA. This paper provides a comprehensive analysis and synthesis of the current state of hardware-based CFI implementations. In this survey, we initially discuss common attack methods and variations of predominant CRA, elucidating the general procedural steps intrinsic to such attacks. We delve into the protective capacities inherent in contemporary hardware-based CFI implementations. By conducting a thorough examination and organization of diverse research endeavors on hardware-based CFI, we systematically classify CFI based on implementation methodologies, including label verification, instruction encryption, stack edge detection, instruction tracing, sensitive data isolation, and basic block validation. We provide comprehensive explanations and critical evaluations for each category followed by comparative analyses while offering personal insights on the evolution of hardware-based CFI.INDEX TERMS Code reuse attacks, Control Flow Integrity, Hardware-based CFI implementations.

show abstract

Random CFI (RCFI): Efficient Fine-Grained Control-Flow Integrity Through Random Verification

Cited by 6 publications

References 23 publications

Hardware Security and Trust: Trends, Challenges, and Design Tools

Hardware Security and Trust: Trends, Challenges, and Design Tools

BGCFI: Efficient Verification in Fine-Grained Control-Flow Integrity Based on Bipartite Graph

Hardware-Based Software Control Flow Integrity: Review on the State-of-the-Art Implementation Technology

Contact Info

Product

Resources

About