Abstract
Ensuring that a program follows an uncompromised control flow at the machine instruction level can provide sound protection from control flow attacks that transfer a control flow to the attacker's flow during program execution. This paper proposes an enhanced control data protection for control flow integrity called hard wired control data integrity (HW-CDI). The HW-CDI hides the control data via encoding with a key and requires proper decoding with the key for a correct control flow transfer. A unique aspect of HW-CDI is that this key changes in terms of not only the location but also the value of the control data. This paper describes the features necessary to make HW-CDI, an effective approach for securing program control flows with low-performance overhead. More specifically, this paper describes how to incorporate the HW-CDI into the processor's instruction pipeline so that it becomes an integral part of indirect branch instruction execution. It also provides information on how to generate the encoding/decoding keys without additional instrumented code. The HW-CDI is able to differentiate control flow transfer instances, providing context-based protection at negligible performance overhead.
| Original language | English |
|---|---|
| Article number | 8606926 |
| Pages (from-to) | 10811-10822 |
| Number of pages | 12 |
| Journal | IEEE Access |
| Volume | 7 |
| DOIs | |
| Publication status | Published - 2019 |
Bibliographical note
Publisher Copyright:© 2013 IEEE.
Keywords
- Control data
- control flow integrity
- indirect branch
- instruction set architecture
- software security
ASJC Scopus subject areas
- General Computer Science
- General Materials Science
- General Engineering