BCI-CFI: A Context-Sensitive Control-Flow Integrity Method Based on Branch Correlation Integrity
Information and Software Technology (IF 3.8), Pub Date: 2021-03-19, DOI: 10.1016/j.infsof.2021.106572
Ye Wang, Qingbao Li, Zhifeng Chen, Ping Zhang, Guimin Zhang, Zhihui Shi

Context: As part of the arms race, one emerging attack methodology has been control-hijacking attacks, e.g., return-oriented programming (ROP). Control-flow integrity (CFI) is a generic and effective defence against most control-hijacking attacks. However, existing CFI mechanisms have poor security as demonstrated by their equivalence class (EC) sizes, which are sets of targets that CFI policies cannot distinguish. Adversaries can choose an illegitimate control transfer within an EC that is included in the resulting CFG and incorrectly allowed by CFI protection policies.

Objective: The paper introduces a context-sensitive control-flow integrity method, which aims to improve the security of CFI and prevent ROP attacks.

Method: The paper presents BCI-CFI, a context-sensitive CFI technique based on branch correlation integrity (BCI), which can effectively break down EC sizes and improve the security of CFI. BCI-CFI takes the branch correlation relationship (i.e., a new type of context for CFI) as contextual information to refine the CFI policy and identify the BCI pairs in the target program via static analysis. Furthermore, the paper introduces a state machine MCFI for BCI-CFI to conduct target validation for the indirect control-flow transfer (ICT) instructions in the target program at runtime.
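As an added illustration (not code or data from the paper), the following Python model shows how branch-correlation context shrinks an EC and how a runtime monitor in the spirit of MCFI rejects a transfer that a context-insensitive policy would allow; the call sites, targets, branch ids and BCI pairs are constructed assumptions.

```python
from typing import Dict, List, Optional, Tuple

# Constructed model (not the paper's code or data): each indirect call site has a
# coarse CFI equivalence class (EC), the targets a context-insensitive policy
# cannot tell apart.
COARSE_POLICY = {"ic1": {"f_open", "f_close", "f_write"}, "ic2": {"f_open", "f_close"}}

# Hypothetical BCI pairs as static analysis would emit them: a conditional branch
# whose direction correlates with which EC members the later ICT may reach.
BCI_PAIRS = {"ic1": ("br_mode", {True: {"f_open"}, False: {"f_close", "f_write"}})}

def ec_size(site: str, context: Optional[bool] = None) -> int:
    """EC size of a site, optionally refined by the correlated branch direction."""
    allowed = set(COARSE_POLICY[site])
    if site in BCI_PAIRS and context is not None:
        allowed &= BCI_PAIRS[site][1][context]
    return len(allowed)

class MCFIMonitor:
    """Toy stand-in for the runtime state machine: records correlated branch
    outcomes and validates each ICT against the context-refined target set."""

    def __init__(self) -> None:
        self.branch_state: Dict[str, bool] = {}   # branch id -> last direction
        self.violations: List[Tuple[str, str]] = []

    def on_branch(self, branch_id: str, taken: bool) -> None:
        self.branch_state[branch_id] = taken

    def on_transfer(self, site: str, target: str) -> bool:
        allowed = set(COARSE_POLICY.get(site, set()))
        if site in BCI_PAIRS:
            branch_id, refined = BCI_PAIRS[site]
            if branch_id in self.branch_state:
                allowed &= refined[self.branch_state[branch_id]]
        ok = target in allowed
        if not ok:
            self.violations.append((site, target))   # a real monitor would abort here
        return ok

def run_trace(trace: List[Tuple]) -> List[bool]:
    """Replay a constructed ("branch"/"ict") event trace; one verdict per ICT."""
    monitor = MCFIMonitor()
    verdicts = []
    for event in trace:
        if event[0] == "branch":
            monitor.on_branch(event[1], event[2])
        else:
            verdicts.append(monitor.on_transfer(event[1], event[2]))
    return verdicts
```

With the branch recorded as taken, the transfer ic1 -> f_write is inside the coarse EC but outside the refined one, so the monitor flags it.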

Results: Our results show that (i) BCI-CFI prevented adversaries from manipulating the control data and launching ROP attacks, (ii) it protected both forward and backward ICT in the target program and improved the security and effectiveness of CFI, and (iii) BCI-CFI introduced a 19.67% runtime overhead on average and a maximum runtime overhead of 31.2%.

Conclusion: BCI-CFI is a context-sensitive CFI technique aiming to prevent adversaries from manipulating the control data of the target program to launch ROP attacks. BCI-CFI can reduce EC sizes and improve the security of CFI while incurring a moderate runtime overhead on average.

Updated: 2021-03-21