Architectural support for software-based protection

Control-Flow Integrity (CFI) is a property that guarantees program control flow cannot be subverted by a malicious adversary, even if the adversary has complete control of data memory. We have shown in prior work how CFI can be enforced by using inlined software guards that perform safety checks. The first part of this paper shows how modest Instruction Set Architecture (ISA) support can replace such guard code with single instructions.

On the foundation of CFI we have implemented XFI: a protection system that offers fine-grained memory access control and fundamental integrity guarantees for critical system state. XFI can be seen as a flexible, generalized form of software-based fault isolation (SFI). In the second part of this paper we present ISA support for XFI, in the form of simple bounds-check instructions.

CFI and XFI can significantly increase the security and integrity of software execution. Our results indicate that support for CFI and XFI is a straightforward, simple addition to hardware architectures. Compared to software guards, such hardware support increases the efficiency and simplicity of enforcement.
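To make the two kinds of software guard concrete, here is an added C illustration (not code from the paper or from the CFI/XFI implementations it describes). It models the CFI guard at an indirect call site, which checks that the destination carries the label ID the call site expects, and the XFI bounds check, which confines a module's writes to an allowed region. Real CFI reads the label from the code bytes at the target; this simulation instead keeps labels in a small registry keyed by function address, an assumption made so the example is portable C. The label constant, the function names, the `struct frame` layout and the sample inputs are all constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Label ID that every legitimate target of this call site must carry.
   Constructed constant for the example; real CFI picks IDs per equivalence
   class of targets and embeds them in the code at each target. */
#define CFI_ID_HANDLER 0x12345678u

typedef int (*handler_fn)(int);

struct cfi_entry { handler_fn fn; uint32_t id; };

static int double_it(int x) { return 2 * x; }
static int negate(int x) { return -x; }
/* Not a legitimate handler: stands in for an attacker-chosen target. */
static int spawn_shell(int x) { (void)x; return 0xBAD; }

/* Simulated label registry (assumption: stands in for labels in code bytes).
   spawn_shell is deliberately absent, so it carries no handler label. */
static const struct cfi_entry cfi_registry[] = {
    { double_it, CFI_ID_HANDLER },
    { negate,    CFI_ID_HANDLER },
};

/* CFI software guard for an indirect call: transfer control only if the
   destination carries the expected ID. The ISA support discussed in the
   paper collapses this check into a single instruction that traps instead
   of returning 0. */
static int cfi_guarded_call(handler_fn target, uint32_t expected_id,
                            int arg, int *out) {
    for (size_t i = 0; i < sizeof cfi_registry / sizeof cfi_registry[0]; i++) {
        if (cfi_registry[i].fn == target && cfi_registry[i].id == expected_id) {
            *out = target(arg);
            return 1;
        }
    }
    return 0; /* CFI violation: control is never transferred */
}

/* XFI-style memory guard: writes are allowed only inside [base, base+len). */
struct xfi_region { uint8_t *base; size_t len; };

static int xfi_guarded_store(const struct xfi_region *r, uint8_t *addr,
                             const void *src, size_t n) {
    uintptr_t lo = (uintptr_t)r->base, hi = lo + r->len, a = (uintptr_t)addr;
    /* Check the low end, then the length against the remaining space so
       that a + n cannot wrap around past hi. */
    if (a < lo || a > hi || n > hi - a) return 0;
    memcpy(addr, src, n);
    return 1;
}

/* Scenario: a buffer and a function pointer are adjacent in memory, so an
   overlong copy into the buffer would overwrite the pointer. */
struct frame { uint8_t buf[8]; handler_fn fp; };

/* Returns the handler result, -1 if the XFI guard blocked the write,
   -2 if the CFI guard rejected the call. */
static int run_scenario(const uint8_t *input, size_t n, int arg) {
    struct frame f;
    f.fp = double_it;
    struct xfi_region sandbox = { f.buf, sizeof f.buf };
    if (!xfi_guarded_store(&sandbox, f.buf, input, n)) return -1;
    int out = 0;
    if (!cfi_guarded_call(f.fp, CFI_ID_HANDLER, arg, &out)) return -2;
    return out;
}

/* CFI's threat model: the adversary already controls data memory, so the
   pointer is corrupted before the call. Only the call-site guard remains. */
static int call_corrupted_pointer(void) {
    handler_fn fp = spawn_shell; /* what an overwritten pointer might hold */
    int out = 0;
    return cfi_guarded_call(fp, CFI_ID_HANDLER, 7, &out) ? out : -2;
}

int main(void) {
    /* Constructed inputs: an in-bounds payload and an overlong one. */
    printf("benign:    %d\n", run_scenario((const uint8_t *)"abcdefgh", 8, 21));
    printf("overflow:  %d\n", run_scenario((const uint8_t *)"abcdefghXXXXXXXX", 16, 21));
    printf("corrupted: %d\n", call_corrupted_pointer());
    return 0;
}
```

The two guards are independent, which is the point of layering XFI on CFI: the bounds check stops the overwrite in the first place, and the label check catches a control transfer through a pointer that was corrupted by any path the memory guard did not cover.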
