TY - GEN
T1 - Controlling your control flow graph
AU - Kanuparthi, Arun
AU - Rajendran, Jeyavijayan
AU - Karri, Ramesh
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/6/20
Y1 - 2016/6/20
N2 - Code Reuse Attacks (CRAs) are software exploits in which an attacker directs program control flow through existing code without injecting malicious code to achieve his objective. In this paper, we propose Dynamic Sequence Checker (DSC), a framework to verify the validity of control flow between basic blocks in the program. Unique codes are assigned to every basic block in the program at compile time in such a way that the Hamming distance between two legally connected basic blocks is a known constant. At runtime, the Hamming distance between the codes assigned to the source and destination basic blocks is calculated and compared against the known constant, to verify the control flow. Execution is aborted if the Hamming distance comparison does not match. We implemented DSC on a cycle-accurate x86 simulator. DSC has been able to detect all the CRA gadgets reported by the ROPGadget tool. The average performance overhead is 4.7% over a baseline processor.
UR - http://www.scopus.com/inward/record.url?scp=84979502862&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84979502862&partnerID=8YFLogxK
U2 - 10.1109/HST.2016.7495554
DO - 10.1109/HST.2016.7495554
M3 - Conference contribution
AN - SCOPUS:84979502862
T3 - Proceedings of the 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016
SP - 43
EP - 48
BT - Proceedings of the 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016
Y2 - 3 May 2016 through 5 May 2016
ER -