A case against indirect jumps for secure programs

Gonzalvez, Alexandre; Lashermes, Ronan

doi:10.1145/3371307.3371314

Cited by 4 publications

(1 citation statement)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The precision of the resulting CFG directly translates to granularity of CFI protection. Extracting the possible set of targets of indirect control flow transfers in order to construct such a CFG perfectly is (in general) undecidable [18] and out of the focus of this work.…”

Section: B Instrumentationmentioning

confidence: 99%

Comparative Analysis and Enhancement of CFG-based Hardware-Assisted CFI Schemes

Telesklav¹,

Tauner²

2021

Preprint

View full text Add to dashboard Cite

Subverting the flow of instructions (e.g., by use of code-reuse attacks) still poses a serious threat to the security of today's systems. Various control flow integrity (CFI) schemes have been proposed as a powerful technique to detect and mitigate such attacks. In recent years, many hardwareassisted implementations of CFI enforcement based on control flow graphs (CFGs) have been presented by academia. Such approaches check whether control flow transfers follow the intended CFG by limiting the valid target addresses. However, these papers all target different platforms and were evaluated with different sets of benchmark applications, which makes quantitative comparisons hardly possible.For this paper, we have implemented multiple promising CFGbased CFI schemes on a common platform comprising a RISC-V SoC within an FPGA. By porting almost 40 benchmark applications to this system we can present a meaningful comparison of the various techniques in terms of run-time performance, hardware utilization, and binary size. In addition, we present an enhanced CFI approach that is inspired by what we consider the best concepts and ideas of previously proposed mechanisms. We have made this approach more practical and feature-complete by tackling some problems largely ignored previously. We show with this fine-grained scheme that CFI can be achieved with even less overheads than previously demonstrated.

show abstract

Section: B Instrumentationmentioning

confidence: 99%

Comparative Analysis and Enhancement of CFG-based Hardware-Assisted CFI Schemes

Telesklav¹,

Tauner²

2021

Preprint

View full text Add to dashboard Cite

show abstract

A CCFI Verification Scheme Based on the RISC-V Trace Encoder

Zgheib

Potin

Rigaud

et al. 2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

BinCC: Scalable Function Similarity Detection in Multiple Cross-Architectural Binaries

Pizzolotto

Inoue

2022

IEEE Access

View full text Add to dashboard Cite

With the undeniable increase in popularity of open source software, also the availability and reuse of source code have increased. While the detection of code clones helps tracking reuse and evolution while dealing with source code, little prior work exists that can be used in binary code. This is complicated by the increased difficulty posed by the compilation transformations. In this paper, we present a CFG refinement useful to find function-level clones in a fast and scalable way by comparing the high-level structure of multiple disassembled binaries altogether. We are capable of determining if functions belonging to other programs have been copied or reused, even when the processor architecture is different. Specifically, our algorithm consists in the extraction of the various functions flows and the reconstruction of a higher level structure, leveraging architectural differences and allowing efficient comparison in linear time with structural hashing. We implemented our idea in a tool called BinCC, and analyzed 24 million functions spanning different architectures and optimization levels. Results show that our approach can achieve precision between 91% and 99% within the same architecture and 75% in detecting clones among different architectures, and can also detect the presence of specific library functions inside an executable. Our approach can reach comparable precision of current state-of-the-art learning approaches while being three order of magnitude faster.

show abstract

A case against indirect jumps for secure programs

Cited by 4 publications

References 15 publications

Comparative Analysis and Enhancement of CFG-based Hardware-Assisted CFI Schemes

Comparative Analysis and Enhancement of CFG-based Hardware-Assisted CFI Schemes

A CCFI Verification Scheme Based on the RISC-V Trace Encoder

BinCC: Scalable Function Similarity Detection in Multiple Cross-Architectural Binaries

Contact Info

Product

Resources

About