Graduate engineering school and research center in digital sciences

Taming transactions: Towards hardware-assisted control flow integrity using transactional memory

Muench, Marius; Pagani, Fabio; Shoshitaishvili, Yan; Kruegel, Christopher; Vigna, Giovanni; Balzarotti, Davide

RAID 2016, 19th International Symposium on Research in Attacks, Intrusions and Defenses, September 19-21, 2016, Evry, France / Also published in LNCS, Vol. 9854

Control Flow Integrity (CFI) is a promising defense technique against code-reuse attacks. While proposals to use hardware features to support CFI already exist, there is still a growing demand for architectural CFI support on commodity hardware. To tackle this problem, in this paper we demonstrate that the Transactional Synchronization Extensions (TSX) recently introduced by Intel in the x86-64 instruction set can be used to support CFI. The main idea of our approach is to map control flow transitions into transactions. This way, violations of the intended control flow graphs would then trigger transactional aborts, which constitutes the core of our TSX-based CFI solution. To prove the feasibility of our technique, we designed and implemented two coarse-grained CFI proof-of-concept implementations using the new TSX features. In particular, we show how hardware-supported transactions can be used to enforce both loose CFI (which does not need to extract the control flow graph in advance) and strict CFI (which requires pre-computed labels to achieve a better precision). All solutions are based on compile-time instrumentation. We evaluate the effectiveness and overhead of our implementations to demonstrate that a TSX-based implementation contains useful concepts for architectural control flow integrity support.


Title: Taming transactions: Towards hardware-assisted control flow integrity using transactional memory
Keywords: Control Flow Integrity, Transactional Memory, Intel® TSX, Binary Hardening, Software Security
Type: Conference
Language: English
City: Evry
Country: FRANCE
Date:
Department: Digital Security
Eurecom ref:4964
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in RAID 2016, 19th International Symposium on Research in Attacks, Intrusions and Defenses, September 19-21, 2016, Evry, France / Also published in LNCS, Vol. 9854 and is available at: http://dx.doi.org/10.1007/978-3-319-45719-2_2
Bibtex: @inproceedings{EURECOM+4964, doi = {http://dx.doi.org/10.1007/978-3-319-45719-2_2}, year = {2016}, title = {{T}aming transactions: {T}owards hardware-assisted control flow integrity using transactional memory}, author = {{M}uench, {M}arius and {P}agani, {F}abio and {S}hoshitaishvili, {Y}an and {K}ruegel, {C}hristopher and {V}igna, {G}iovanni and {B}alzarotti, {D}avide}, booktitle = {{RAID} 2016, 19th {I}nternational {S}ymposium on {R}esearch in {A}ttacks, {I}ntrusions and {D}efenses, {S}eptember 19-21, 2016, {E}vry, {F}rance / {A}lso published in {LNCS}, {V}ol. 9854}, address = {{E}vry, {FRANCE}}, month = {09}, url = {http://www.eurecom.fr/publication/4964} }