Towards a Policy-Agnostic Control-Flow Integrity Implementation

Presented at Black Hat Europe 2016, Nov. 3, 2016, 2:30 p.m. (60 minutes)

Control-flow integrity (CFI) is a general defense against code-reuse attacks. In theory, a CFI implementation mitigates control-flow hijacking by verifying that each control-flow transfer follows a legitimate path. However, CFI and its current implementations suffer from deficiencies with regard to either security or practicality: 1) they assume the extraction of a precise control-flow graph, which is not generally possible; 2) prior implementations have resulted in significant performance overhead; and 3) efficient software-based CFI implementations (e.g. Microsoft's Control-Flow Guard, GCC/LLVM's VTable Verification, Google's IFCC) often make concessions in the face of such performance limitations, weakening the policy's security.

To date, almost all "efficient" CFI defenses can be shown to be bypassable. Weakening the CFI policy to achieve improved performance, in one form or another, is the culprit. A significant amount of research has been conducted to address this singular point. While prior work has demonstrated significant improvements on these fronts, no existing CFI countermeasure has been able to address a new class of stealthy adversaries that bend control-flow hijacking attacks around the CFI policy itself. These attacks maliciously mimic the behavior of an ideally protected CFI application.

To tackle these shortcomings, recent CFI defenses have begun to incorporate architectural or hardware/software co-design principles to strengthen the security guarantees of the defense. Intel has recently proposed its Control-flow Enforcement Technology (CET), alongside proposals from the NSA and several research solutions. Much like past approaches, however, these systems make concessions in the CFI policy to handle complex code constructs, shared libraries or multi-tasking, or otherwise to improve the performance of the protected application.

We present a general-purpose, hardware-enhanced CFI scheme that tackles these issues and allows the enforcement of diverse CFI policies. We provide a detailed analysis of existing hardware-assisted CFI defenses and show that our solution is more secure, efficient, and scalable. We demonstrate how careful systems-software and architectural design considerations can address prior issues with CFI implementations. We will elaborate on a CFI platform that handles shared libraries with compiler-supported ISA extensions, and that incorporates features to handle multi-tasking and interoperation with legacy applications. Our evaluation includes a detailed analysis of known bypasses of existing CFI-protected systems, both in software and hardware, aimed at highlighting why past approaches have failed. We further demonstrate that our approach is resilient to these attacks and CFI vulnerabilities. Finally, we evaluate our solution against compute-intensive workloads and show high efficiency.
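As an added illustration (not the authors' design, which the abstract does not detail), the following constructed C program contrasts the two policy strengths the abstract distinguishes: a coarse-grained check that accepts any function entry in the binary, and a precise per-call-site check derived from the control-flow graph. The handlers, the `privileged_op` routine and the hand-written target sets are hypothetical.

```c
#include <stdio.h>

/* Constructed example: a dispatch table of handlers that all share one
 * signature, plus a function that is legitimate elsewhere in the binary
 * but never a valid target of this particular indirect call site. */
typedef int (*handler_t)(int);

static int handle_read(int x)   { return x + 1; }
static int handle_write(int x)  { return x * 2; }
static int privileged_op(int x) { return x - 100; }   /* hypothetical sensitive routine */

/* Coarse-grained policy (the "efficient" style the abstract criticises):
 * any function entry point in the binary is an acceptable target. */
static const handler_t any_function_entry[] = { handle_read, handle_write, privileged_op };

/* Precise policy: only the targets the control-flow graph allows for
 * this call site (hand-written here; a real system derives it statically). */
static const handler_t site_allowed[] = { handle_read, handle_write };

static int in_set(handler_t fp, const handler_t *set, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (set[i] == fp) return 1;
    return 0;
}

/* Each returns 1 if the transfer to fp is allowed under that policy. */
int cfi_check_coarse(handler_t fp) {
    return in_set(fp, any_function_entry, sizeof any_function_entry / sizeof *any_function_entry);
}
int cfi_check_precise(handler_t fp) {
    return in_set(fp, site_allowed, sizeof site_allowed / sizeof *site_allowed);
}

/* The guarded indirect call. fp stands in for a function pointer that has been
 * corrupted to point at an unintended but otherwise "valid" function.
 * Returns 0 and stores the handler result on success, 1 on a CFI violation. */
int dispatch(handler_t fp, int arg, int (*policy)(handler_t), int *out) {
    if (!policy(fp)) return 1;       /* a real implementation aborts here */
    *out = fp(arg);
    return 0;
}

int main(void) {
    int r;
    /* Pointer redirected to privileged_op: passes the coarse check, fails the precise one. */
    printf("coarse:  violation=%d\n", dispatch(privileged_op, 5, cfi_check_coarse, &r));
    printf("precise: violation=%d\n", dispatch(privileged_op, 5, cfi_check_precise, &r));
    return 0;
}
```

The coarse policy lets the redirected call proceed because `privileged_op` is a real function entry; only the per-site policy rejects it, which is the gap the abstract attributes to "efficient" CFI schemes.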

Presenters:

  • Yier Jin - Dr., University of Central Florida and Cyber Immunity Lab
    Yier Jin is currently an assistant professor in the ECE Department at the University of Central Florida. He is also a researcher in the Cyber Immunity Lab. He received his PhD degree in Electrical Engineering in 2012 from Yale University. His research focuses on the areas of trusted embedded systems, trusted hardware IP cores and hardware-software co-protection on computer systems. He is also interested in the security analysis of Internet of Things (IoT) and Cyber-Physical Systems (CPS).
  • Orlando Arias - Mr., University of Central Florida
    Orlando Arias is a Computer Engineering PhD student at the University of Central Florida. His research interests include device security, secure computer architectures, network security, IP core design and integration, and cryptosystems. Mr. Arias was also a recipient of the Best Paper Award at the 52nd Design Automation Conference for his work on hardware-assisted control-flow integrity systems, and a recipient of the A. Richard Newton Young Scholar Fellow award at the 52nd and 53rd Design Automation Conference.
  • Dean Sullivan - Mr., University of Central Florida
    Dean Sullivan is a Computer Engineering PhD student at the University of Central Florida. His research efforts are centered on hardware-assisted cyber security systems. Mr. Sullivan was the recipient of the 52nd DAC Best Paper Award for his work on HAFIX: Hardware-Assisted Flow Integrity Extension, and a recipient of the A. Richard Newton Young Scholar Fellow award at the 53rd Design Automation Conference. He also holds a Bachelor of Science degree in Electrical Engineering from the University of Central Florida.
  • Ahmad-Reza Sadeghi - Dr., Technische Universität Darmstadt
    Ahmad-Reza Sadeghi is a full professor of Computer Science at Technische Universität Darmstadt, Germany. He is the head of the System Security Lab at the Center for Advanced Security Research Darmstadt (CASED) and the Director of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU Darmstadt. He holds a Ph.D. in Computer Science from the University of Saarland in Saarbrücken, Germany. Prior to academia, he worked in research and development at telecommunications enterprises, among others Ericsson Telecommunications. He is Editor-in-Chief of IEEE Security and Privacy Magazine and serves on the editorial board of ACM Books. He served 5 years on the editorial board of the ACM Transactions on Information and System Security (TISSEC), and was guest editor of the IEEE Transactions on Computer-Aided Design (Special Issue on Hardware Security and Trust).
