Conference Topic

Stateful Forward-Edge CFI Enforcement with Intel MPX

  This paper presents a stateful forward-edge CFI mechanism based on a novel use of the Intel Memory Protection Extensions (MPX) technology. To enforce stateful CFI policies, we protect against malicious modification of pointers on the dereference paths of indirect jumps or function calls by saving these pointers into shadow memory. Intel MPX, which stores pointer bounds into shadow memory, offers the capability of managing the copies of these indirectly dereferenced pointers. There are two challenges in applying MPX to forward-edge CFI enforcement. First, as MPX is designed to protect every pointer that may incur memory errors, MPX incurs unacceptable runtime overhead. Second, the MPX defense has holes when maintaining interoperability with legacy code. We address these challenges by protecting only the pointers on the dereference paths of indirect function calls and jumps, and by making a further check on the loaded pointer value. We have implemented our mechanism on the LLVM compiler and evaluated it on a commodity Intel Skylake machine with MPX support. Evaluation results show that our mechanism is effective in enforcing forward-edge CFI, while incurring acceptable performance overhead.

Code-reuse attacks; Control-flow integrity; Shadow stack; Shadow memory; MPX; LLVM

Jun Zhang, Rui Hou, Wei Song, Zhiyuan Zhan, Boyan Zhao, Mingyu Chen, Dan Meng

Hubei University of Arts and Science, Xiangyang, China; State Key Laboratory of Computer Architecture, I Institute of Information Engineering, CAS, Beijing, China Institute of Information Engineering, CAS, Beijing, China; University of Chinese Academy of Sciences, Bei State Key Laboratory of Computer Architecture, ICT, CAS, Beijing, China; University of Chinese Academy of

International conference

The 12th Conference on Advanced Computer Architecture (ACA 2018) (2018 National Annual Conference on Computer Architecture)

Yingkou, Liaoning

English

79-94

2018-08-10 (date first posted online on the Wanfang platform; this does not represent the paper's publication date)