UnderTracker: Generating Robust Binaries Using Execution Flow Traces

Published in Information Systems Frontiers

Abstract

Programs are written so that they execute and fulfill their intended purpose, and in doing so programmers trust the language to carry out that intention. Binary hardening complements this trust: it prevents a program's behavior from deviating from what the programmer intended. Preserving program integrity therefore requires measures against code tampering. The proposed approach enforces code verification from instruction to instruction, using the programmer's intended control flow as the reference. UnderTracker realizes this execution-flow check at the instruction cache by using the read-only data cache available to the program: control-transfer code is placed in the data cache and reached from the instruction cache through labels. UnderTracker injects these labels into the binary without changing the program's semantics. Once execution starts, the legality of every control point is verified before control passes to the next instruction, by passively monitoring the execution flow. We propose a cache-based monitoring method for this verification, in which side-channel information is used to observe the program's execution state, and a sliding-window scheme detects violations of code integrity with high reliability. This paper thus proposes an efficient technique, UnderTracker, that strengthens the binary integrity of an I/O-intensive running program with a nominal overhead of only 5-6% on top of normal execution.
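The two checks the abstract describes, legality of each control transfer against the programmer's intended flow and a sliding window over the observed sequence, can be illustrated in a few lines of C. The example below is added here; it is not code from the paper or from the UnderTracker repository. The control-point labels (ENTRY, READ, PARSE, WRITE, EXIT), the intended flow graph, the three traces, and the window size and threshold are all constructed for the illustration. The paper obtains the trace from cache side-channel observations; here it is simply an array of labels, and a threshold above one illegal transition per window stands in for the noise tolerance the abstract attributes to the sliding window.

```c
#include <stddef.h>
#include <stdio.h>

/* Control-point labels of a hypothetical read/parse/write I/O loop.
 * Labels and flow graph are constructed for this example; they are not
 * taken from the UnderTracker paper or repository. */
enum label { L_ENTRY, L_READ, L_PARSE, L_WRITE, L_EXIT, L_COUNT };

/* Programmer-intended control flow as an adjacency matrix:
 * intended[from][to] == 1 means the transfer from -> to is legal. */
static const unsigned char intended[L_COUNT][L_COUNT] = {
    /*            ENTRY READ PARSE WRITE EXIT */
    /* ENTRY */ {  0,    1,   0,    0,    0 },
    /* READ  */ {  0,    0,   1,    0,    1 },
    /* PARSE */ {  0,    0,   0,    1,    0 },
    /* WRITE */ {  0,    1,   0,    0,    0 },
    /* EXIT  */ {  0,    0,   0,    0,    0 },
};

#define TRACE_LEN(t) (sizeof(t) / sizeof((t)[0]))

/* Constructed traces of observed labels. */
static const int benign_trace[]   = { L_ENTRY, L_READ, L_PARSE, L_WRITE,
                                      L_READ, L_PARSE, L_WRITE, L_READ, L_EXIT };
/* Same loop, but observation 5 was misread as ENTRY (simulated channel noise). */
static const int noisy_trace[]    = { L_ENTRY, L_READ, L_PARSE, L_WRITE,
                                      L_READ, L_ENTRY, L_WRITE, L_READ, L_EXIT };
/* Control hijacked after READ: PARSE is skipped and EXIT is re-entered. */
static const int tampered_trace[] = { L_ENTRY, L_READ, L_WRITE, L_EXIT,
                                      L_READ, L_WRITE };

/* 1 if the transfer from -> to is in the intended flow graph, else 0. */
int edge_allowed(int from, int to)
{
    if (from < 0 || from >= L_COUNT || to < 0 || to >= L_COUNT)
        return 0;                      /* out-of-range label: never legal */
    return intended[from][to];
}

/* Number of consecutive label pairs in the trace that are not intended. */
size_t count_illegal(const int *trace, size_t n)
{
    size_t bad = 0;
    for (size_t i = 1; i < n; i++)
        if (!edge_allowed(trace[i - 1], trace[i]))
            bad++;
    return bad;
}

/* Sliding-window monitor. A window of `win` observations (win - 1
 * transitions) slides over the trace; an alarm fires when the illegal
 * transitions inside one window reach `threshold`. Returns the trace index
 * of the last observation in the first alarming window, or -1 if the trace
 * never alarms. A threshold above 1 is what lets the monitor ignore an
 * isolated misread of a noisy side channel (an assumption of this example,
 * not a parameter taken from the paper). */
long first_alarm(const int *trace, size_t n, size_t win, size_t threshold)
{
    if (win < 2 || threshold == 0 || n < win)
        return -1;
    for (size_t start = 0; start + win <= n; start++) {
        size_t bad = 0;
        for (size_t j = start + 1; j < start + win; j++)
            if (!edge_allowed(trace[j - 1], trace[j]))
                bad++;
        if (bad >= threshold)
            return (long)(start + win - 1);
    }
    return -1;
}

int main(void)
{
    printf("benign:   illegal=%zu alarm@%ld\n",
           count_illegal(benign_trace, TRACE_LEN(benign_trace)),
           first_alarm(benign_trace, TRACE_LEN(benign_trace), 4, 3));
    printf("noisy:    illegal=%zu alarm@%ld\n",
           count_illegal(noisy_trace, TRACE_LEN(noisy_trace)),
           first_alarm(noisy_trace, TRACE_LEN(noisy_trace), 4, 3));
    printf("tampered: illegal=%zu alarm@%ld\n",
           count_illegal(tampered_trace, TRACE_LEN(tampered_trace)),
           first_alarm(tampered_trace, TRACE_LEN(tampered_trace), 4, 3));
    return 0;
}
```

With a window of four observations and a threshold of three, the single misread in the noisy trace produces two adjacent illegal transitions and is ignored, while the hijacked trace trips the alarm at its fifth observation. Setting the threshold to one turns the monitor into a strict per-edge check, which alarms on the first illegal transfer but also on every glitch of the observation channel.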



Data Availability

The code for this paper is available at https://github.com/rajesh-cse/Binary-hardning.

Acknowledgments

This work is supported by the Ministry of Electronics and Information Technology (MeitY), Govt. of India, and the Netherlands Organization for Scientific research (NWO), Netherlands.

Corresponding author

Correspondence to Rajesh Kumar Shrivastava.


Cite this article

Shrivastava, R.K., Hota, C. UnderTracker: Generating Robust Binaries Using Execution Flow Traces. Inf Syst Front 23, 915–930 (2021). https://doi.org/10.1007/s10796-020-10095-4
