BGCFI: Efficient Verification in Fine-Grained Control-Flow Integrity Based on Bipartite Graph

Moon Chan Park, Dong Hoon Lee

Research output: Contribution to journal › Article › peer-review

3 Citations (Scopus)

Abstract

Control-flow integrity (CFI) is considered a principled mitigation against control-flow hijacking, even under the most powerful attacker who can arbitrarily write and read memory. However, existing schemes still show limitations in either guaranteeing a high level of security or achieving low performance and memory overhead. These limitations have restricted the application of CFI in real software. To make CFI as widely applicable as mandatory protection schemes such as DEP and ASLR, it is essential to achieve both a high security guarantee and low overhead. In this paper, we propose 'BGCFI', a fine-grained CFI based on a bipartite graph. The relationship between an indirect branch and a valid target address at that branch is represented by an edge in the bipartite graph. An indirect branch is verified by checking that the corresponding edge exists in the bipartite graph. This verification method for fine-grained CFI is more efficient in both computational and memory overhead, while completely preserving the high security guarantee. We demonstrate our results through the implementation of a proof-of-concept module and an evaluation on the SPEC CPU 2017 suite and the Firefox browser.

Original language: English
Pages (from-to): 4291-4305
Number of pages: 15
Journal: IEEE Access
Volume: 11
Publication status: Published - 2023

Bibliographical note

Publisher Copyright:
© 2013 IEEE.

Keywords

  • Control-flow hijacking
  • control-data attack
  • control-flow integrity (CFI)

ASJC Scopus subject areas

  • Engineering(all)
  • Materials Science(all)
  • Computer Science(all)
