Modular control-flow integrity

Ben Niu, Gang Tan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

59 Scopus citations

Abstract

Control-Flow Integrity (CFI) is a software-hardening technique. It inlines checks into a program so that its execution always follows a predetermined Control-Flow Graph (CFG). As a result, CFI is effective at preventing control-flow hijacking attacks. However, past fine-grained CFI implementations do not support separate compilation, which hinders its adoption. We present Modular Control-Flow Integrity (MCFI), a new CFI technique that supports separate compilation. MCFI allows modules to be independently instrumented and linked statically or dynamically. The combined module enforces a CFG that is a combination of the individual modules' CFGs. One challenge in supporting dynamic linking in multithreaded code is how to ensure a safe transition from the old CFG to the new CFG when libraries are dynamically linked. The key technique we use is to have the CFG represented in a runtime data structure and have reads and updates of the data structure wrapped in transactions to ensure thread safety. Our evaluation on SPECCPU2006 benchmarks shows that MCFI supports separate compilation, incurs low overhead of around 5%, and enhances security.

Original languageEnglish (US)
Title of host publicationPLDI 2014 - Proceedings of the 2014 ACM SIGPLAN Conference on Programming Language Design and Implementation
PublisherAssociation for Computing Machinery
Pages577-587
Number of pages11
ISBN (Print)9781450327848
DOIs
StatePublished - 2014
Event35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2014 - Edinburgh, United Kingdom
Duration: Jun 9 2014Jun 11 2014

Publication series

NameProceedings of the ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI)

Other

Other35th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2014
CountryUnited Kingdom
CityEdinburgh
Period6/9/146/11/14

All Science Journal Classification (ASJC) codes

  • Software

Fingerprint Dive into the research topics of 'Modular control-flow integrity'. Together they form a unique fingerprint.

Cite this