Publications

Publications

Type of Publication: Article in Collected Edition

Strategy Without Tactics: Policy-Agnostic Hardware-Enhanced Control-Flow Integrity

Author(s):
Sullivan, Dean; Arias, Orlando; Davi, Lucas; Larsen, Per; Sadeghi, Ahmad-Reza; Jin, Yier
Title of Anthology:
Proc. of 53rd Design Automation Conference (DAC)
Publication Date:
2016
Digital Object Identifier (DOI):
doi:10.1145/2897937.2898098
Link to complete version:
https://dl.acm.org/authorize?N28657
Citation:
LABEL-FOR-eidrisexport

Abstract

Control-flow integrity (CFI) is a general defense against code-reuse exploits that currently constitute a severe threat against diverse computing platforms. Existing CFI solutions (both in software and hardware) suffer from shortcomings such as (i) inefficiency, (ii) security weaknesses, or (iii) are not scalable. In this paper, we present a generic hardware-enhanced CFI scheme that tackles these problems and allows to enforce diverse CFI policies. Our approach fully supports multi-tasking, shared libraries, prevents various forms of code-reuse attacks, and allows CFI protected code and legacy code to co-exist. We evaluate our implementation on SPARC LEON3 and demonstrate its high efficiency.