Basic Block Encoding Based Run-Time CFI Check for Embedded Software

Title: Basic Block Encoding Based Run-Time CFI Check for Embedded Software
Publication Type: Conference Paper
Year of Publication: 2020
Authors: Sah, Love Kumar; Polnati, Srivarsha; Islam, Sheikh Ariful; Katkoori, Srinivas
Conference Name: 2020 IFIP/IEEE 28th International Conference on Very Large Scale Integration (VLSI-SOC)
Date Published: Oct. 2020
Publisher: IEEE
ISBN Number: 978-1-7281-5409-1
Keywords: Aerospace electronics, composability, Human Behavior, human factors, Payloads, Pipelines, process control, Programming, pubcrawl, resilience, Resiliency, return oriented programming, Runtime, Scalability, Very large scale integration
Abstract: Modern control-flow attacks circumvent existing defense mechanisms to transfer program control to attacker-chosen malicious code already present in the program, leaving the application vulnerable. Advanced attacks such as Return-Oriented Programming (ROP) and its variants transfer execution to gadgets (code snippets that end with a return instruction). The code space from which gadgets can be drawn is large, and attacks built from these gadgets are Turing-complete. One major challenge in hardening a program against ROP is to confine gadget selection to a limited set of locations, so that the attacker is left to search the entire code space for gadgets that meet the payload's criteria. In this paper, we present a novel approach to labeling the nodes of a program's Control-Flow Graph (CFG) such that the labels of the two nodes on any valid control-flow edge satisfy a Hamming distance property. The encoded CFG enables detection of illegal control-flow transitions at runtime in the processor pipeline. Experimentally, we demonstrate that the proposed Control Flow Integrity (CFI) implementation is effective against control-flow hijacking and that the technique reduces the ROP gadget search space by up to 99.28%. We have also validated the technique on seven applications from MiBench: the proposed labeling mechanism incurs no instruction count overhead, while the average increase in instruction width is at most 12.13%.
URL: https://ieeexplore.ieee.org/document/9344102
DOI: 10.1109/VLSI-SOC46417.2020.9344102
Citation Key: sah_basic_2020
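The labeling scheme the abstract describes, as an added illustration that is not the paper's code: a backtracking search assigns distinct 4-bit labels to the basic blocks of a small constructed CFG so that every valid edge has Hamming distance exactly d between its endpoint labels, a check_transition function plays the role of the pipeline-stage check on each control transfer, and reachable_fraction measures the share of blocks a hijacked transfer can still land on undetected, which is the gadget search space the abstract reports reducing. The abstract does not state the exact Hamming distance property the paper uses; "distance exactly d" is this example's assumption, as are the CFG, the label width, d and every function name.

```python
from collections import deque


def hamming(a: int, b: int) -> int:
    """Number of bit positions in which two labels differ."""
    return bin(a ^ b).count("1")


def label_cfg(nodes, edges, width, d):
    """Assign a distinct `width`-bit label to every basic block so that each
    valid edge (u, v) satisfies hamming(label[u], label[v]) == d.

    Assumption of this illustration: the runtime property is "distance exactly
    d".  Non-edges are only *preferred* not to satisfy it (candidates are
    ordered by how many labelled non-neighbours they would wrongly match);
    they are not forced to, because that is not always satisfiable.
    Returns {block: label}, or None if no labelling exists for (width, d).
    """
    adj = {n: set() for n in nodes}
    for u, v in edges:
        if u != v:                      # a self-loop can never be at distance d > 0
            adj[u].add(v)
            adj[v].add(u)

    # Breadth-first order from each unvisited root: every later block has a
    # labelled neighbour, which shrinks its candidate set to the labels at
    # distance d from that neighbour.
    order, seen = [], set()
    for root in nodes:
        if root in seen:
            continue
        queue = deque([root])
        seen.add(root)
        while queue:
            n = queue.popleft()
            order.append(n)
            for m in sorted(adj[n]):
                if m not in seen:
                    seen.add(m)
                    queue.append(m)

    label = {}

    def candidates(n):
        used = set(label.values())
        cands = [lab for lab in range(1 << width) if lab not in used
                 and all(hamming(lab, label[m]) == d for m in adj[n] if m in label)]

        def spurious(lab):        # labelled non-neighbours this label would wrongly admit
            return sum(1 for m, lm in label.items()
                       if m not in adj[n] and hamming(lab, lm) == d)
        return sorted(cands, key=spurious)

    def backtrack(i):
        if i == len(order):
            return True
        n = order[i]
        for lab in candidates(n):
            label[n] = lab
            if backtrack(i + 1):
                return True
            del label[n]
        return False

    return dict(label) if backtrack(0) else None


def check_transition(label, src, dst, d):
    """The check a pipeline stage would apply to every control transfer:
    accept src -> dst only if the two labels are at distance d."""
    return hamming(label[src], label[dst]) == d


def verify_labelling(label, edges, d):
    """All valid edges pass the runtime check and no two blocks share a label."""
    return (all(check_transition(label, u, v, d) for u, v in edges if u != v)
            and len(set(label.values())) == len(label))


def reachable_fraction(label, d):
    """Average fraction of other blocks a hijacked transfer out of a block can
    land on without being caught: the gadget search space that survives."""
    nodes = list(label)
    per_block = [sum(1 for v in nodes if v != u and check_transition(label, u, v, d))
                 / (len(nodes) - 1) for u in nodes]
    return sum(per_block) / len(nodes)


# Constructed sample CFG (not taken from the paper): block 0 enters a loop whose
# header 1 branches to 2 or 3, both join at 4, which loops back to 1 or exits to
# 5.  Block 6 is an unrelated block an attacker might want to use as a gadget.
BLOCKS = [0, 1, 2, 3, 4, 5, 6]
EDGES = [(0, 1), (1, 2), (1, 3), (2, 4), (3, 4), (4, 1), (4, 5)]
WIDTH, D = 4, 2          # label bits carried per instruction, and the required distance
LABELS = label_cfg(BLOCKS, EDGES, WIDTH, D)

if __name__ == "__main__":
    for b in BLOCKS:
        print(f"block {b}: label {LABELS[b]:0{WIDTH}b}")
    print("all valid edges accepted:", verify_labelling(LABELS, EDGES, D))
    print("0 -> 2 (not an edge) accepted:", check_transition(LABELS, 0, 2, D))
    print(f"surviving gadget search space: {reachable_fraction(LABELS, D):.0%}")
```

Two caveats a practitioner should take from this. First, whether a CFG admits a labelling at all depends on the pair (width, d): with d = 1 every transfer flips the parity of the label, so any CFG containing an odd cycle (for example a three-block loop) has no labelling, and the search returns None. Second, the label bits are the cost: each instruction word grows by `WIDTH` bits, which is the instruction-width increase the abstract quantifies, while the instruction count stays unchanged.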