Control Flow Integrity Enforcement with Dynamic Code Optimization

  • Conference paper
  • Information Security (ISC 2016)
  • Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9866)

Abstract

Control Flow Integrity (CFI) is an attractive security property that defeats most code injection and code reuse attacks, including advanced techniques such as Return-Oriented Programming (ROP). However, comprehensive enforcement of CFI is expensive, both because of the additional support it needs (e.g., compiler support, or the presence of relocation or debug information) and because of its performance overhead. Recent research has tried to strike a balance among a reasonable approximation of the CFI properties, minimal additional support, and acceptable performance. We investigate existing dynamic code optimization techniques and find that they provide an architecture on which CFI can be enforced effectively and efficiently. In this paper, we propose and implement DynCFI, which enforces security policies on a well-established dynamic optimizer, and show that it provides CFI properties comparable to those of existing CFI implementations while lowering the overall performance overhead from 28.6% to 14.8%. We further perform comprehensive evaluations and shed light on the exact amount of savings contributed by the various components of the dynamic optimizer, including the basic block cache, trace cache, branch prediction, and indirect branch lookup.
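The abstract's central observation is that a dynamic optimizer already intercepts every indirect branch, so its indirect branch lookup can double as the CFI enforcement point. The C program below is an added illustration of that idea; it is not code from the paper, from DynCFI or from DynamoRIO. It models the translator's indirect-branch lookup (IBL) table as the place where control transfers are vetted: a target is checked against a policy only on a table miss, and a hit means the (branch kind, target) pair was already vetted, so the fast path does no policy work. The addresses, the two policies (returns must land on call-preceded addresses; indirect calls and jumps on function entries), the table layout and the branch trace are all assumptions constructed for the example.

```c
/* Added example (not DynCFI's or DynamoRIO's code): a toy model of CFI
 * enforced at the indirect-branch lookup (IBL) table of a dynamic binary
 * translator. Every address, policy and data structure here is an
 * assumption made for illustration, not taken from the paper. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { BR_RET, BR_ICALL, BR_IJMP } branch_kind;

/* Constructed stand-in for what a translator derives by disassembling the
 * original binary: function entry points and call-preceded addresses
 * (the instruction right after a call, i.e. the legal return targets). */
static const uint32_t func_entries[]  = {0x1000, 0x2000, 0x3000};
static const uint32_t call_preceded[] = {0x1015, 0x2030, 0x3008};
#define NFUNC (sizeof func_entries / sizeof func_entries[0])
#define NCALL (sizeof call_preceded / sizeof call_preceded[0])

/* The IBL table maps (branch kind, original target) -> code-cache address.
 * Keying on the kind matters: a target vetted for a return must not be
 * reusable by an indirect call, and vice versa. Open addressing, fixed size. */
#define TBL_SIZE 64
struct ibl_entry { bool used; branch_kind kind; uint32_t target; uint32_t cache_addr; };
static struct ibl_entry ibl[TBL_SIZE];
static unsigned long stat_hits, stat_misses, stat_violations;

void ibl_reset(void) {
    memset(ibl, 0, sizeof ibl);
    stat_hits = stat_misses = stat_violations = 0;
}

static bool in_set(const uint32_t *set, size_t n, uint32_t a) {
    for (size_t i = 0; i < n; i++) if (set[i] == a) return true;
    return false;
}

/* Policy applied only on a table miss. A hit means the target was already
 * vetted for this branch kind, so the hot path never re-runs the check. */
static bool policy_allows(branch_kind k, uint32_t target) {
    switch (k) {
    case BR_RET:   return in_set(call_preceded, NCALL, target);
    case BR_ICALL: return in_set(func_entries, NFUNC, target);
    case BR_IJMP:  return in_set(func_entries, NFUNC, target); /* assumption: tail calls only */
    }
    return false;
}

/* Stand-in for translating a basic block into the code cache. */
static uint32_t translate(uint32_t target) { return 0x80000000u | target; }

/* Returns the code-cache address to continue at, or 0 on a CFI violation. */
uint32_t ibl_lookup(branch_kind k, uint32_t target) {
    uint32_t h = (target * 2654435761u ^ (uint32_t)k) % TBL_SIZE;
    for (uint32_t i = 0; i < TBL_SIZE; i++) {
        struct ibl_entry *e = &ibl[(h + i) % TBL_SIZE];
        if (!e->used) break;                         /* empty slot ends the probe chain */
        if (e->kind == k && e->target == target) { stat_hits++; return e->cache_addr; }
    }
    stat_misses++;
    if (!policy_allows(k, target)) { stat_violations++; return 0; }
    for (uint32_t i = 0; i < TBL_SIZE; i++) {
        struct ibl_entry *e = &ibl[(h + i) % TBL_SIZE];
        if (!e->used) {
            e->used = true; e->kind = k; e->target = target;
            e->cache_addr = translate(target);
            return e->cache_addr;
        }
    }
    return translate(target); /* table full: allowed, but cannot be cached */
}

unsigned long ibl_hits(void)       { return stat_hits; }
unsigned long ibl_misses(void)     { return stat_misses; }
unsigned long ibl_violations(void) { return stat_violations; }

/* Constructed branch trace: a benign warm-up, then a ROP-style return into
 * the middle of a function, then an indirect call to a non-entry address.
 * Returns the number of violations detected. */
unsigned long run_sample_trace(void) {
    static const struct { branch_kind k; uint32_t t; } trace[] = {
        {BR_ICALL, 0x2000}, {BR_RET, 0x1015},   /* misses, both allowed */
        {BR_ICALL, 0x2000}, {BR_RET, 0x1015},   /* hits: no policy work */
        {BR_RET,   0x2042},                     /* gadget: not call-preceded */
        {BR_ICALL, 0x1015},                     /* valid RET target, invalid CALL target */
        {BR_IJMP,  0x3000},                     /* tail call to an entry: allowed */
    };
    ibl_reset();
    for (size_t i = 0; i < sizeof trace / sizeof trace[0]; i++) {
        uint32_t dst = ibl_lookup(trace[i].k, trace[i].t);
        const char *name = trace[i].k == BR_RET ? "ret" : trace[i].k == BR_ICALL ? "icall" : "ijmp";
        printf("%-5s -> 0x%04x : %s\n", name, trace[i].t, dst ? "ok" : "CFI VIOLATION");
    }
    return stat_violations;
}

int main(void) {
    unsigned long v = run_sample_trace();
    printf("hits=%lu misses=%lu violations=%lu\n", ibl_hits(), ibl_misses(), v);
    return 0;
}
```

Two points the model makes concrete. First, the table is keyed on the branch kind as well as the target: 0x1015 is a legal return target but an illegal indirect-call target, and a single shared table would let one kind inherit the other's vetting. Second, the policies shown are deliberately coarse-grained (any call-preceded address, any function entry); they are placeholders for whatever policy a real implementation installs at the miss path, and the paper's own policies are in the full text, not on this page.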



Acknowledgment

This work was supported under grant numbers 61373168 and 20120141110002.

Author information

Corresponding author: Yan Lin.


Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Lin, Y., Tang, X., Gao, D., Fu, J. (2016). Control Flow Integrity Enforcement with Dynamic Code Optimization. In: Bishop, M., Nascimento, A. (eds) Information Security. ISC 2016. Lecture Notes in Computer Science, vol 9866. Springer, Cham. https://doi.org/10.1007/978-3-319-45871-7_22

  • DOI: https://doi.org/10.1007/978-3-319-45871-7_22
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-319-45870-0
  • Online ISBN: 978-3-319-45871-7
  • eBook Packages: Computer Science (R0)
