Secure and Efficient Control Data Isolation with Register-based Data Cloaking
IEEE Transactions on Computers (IF 3.6), Pub Date: 2020-02-01, DOI: 10.1109/tc.2019.2946770
Xiayang Wang, Fuqian Huang, Haibo Chen

Attackers often exploit memory corruption vulnerabilities to overwrite control data and further gain control over victim applications. Despite progress in advanced defensive techniques, such attacks still remain a major security threat. In this article, we present Niffler, a new technique that provides lightweight and practical defense against such attacks. Niffler eliminates the threat of memory corruption over control data by cloaking all control data in registers along its execution and only spilling them into a dedicated read-only area in memory upon a shortage of registers. As an attacker cannot directly overwrite any register or read-only memory pages, no direct memory corruption on control data is feasible. Niffler is made efficient by compactly encoding return addresses, balancing register allocation, dynamically determining register spilling, and leveraging the recent Intel Memory Protection Extensions (MPX) for control data lookup during register restoring. We implement Niffler based on LLVM and conduct a set of evaluations on SPECCPU 2006 and real-world applications. Performance evaluation shows that Niffler introduces an average of only 6.3 percent overhead on SPECCPU 2006 C programs and an average of 28.2 percent overhead on C++ programs.

Updated: 2020-02-01