Published by Brian Gonzales. Modified over 11 years ago.
1
Architectural Support for Software-Based Protection
Mihai Budiu, Úlfar Erlingsson, Martín Abadi
ASID Workshop, Oct 21, 2006
Silicon Valley
2
Summary
CFI: Enforce control flow to prevent software attacks [CCS 05] [ICFEM 05]
XFI: Protect modules within a single address space [OSDI 06]
This work: add hardware support
3
Outline
– Control-Flow Integrity
– XFI: Protecting Modules
– Conclusions
4
CFI Motivation
[Figure: control flow; anatomy of many software attacks]
5
CFI Idea
Executable + Control-Flow Graph = Self-checking program
6
CFI Security Benefits
Enforces CFG against attacker that controls whole data memory
Defends against a large class of attacks
– Buffer overflows
– Stack smashing
– Jump-to-libc
– Pointer subterfuge
Validated experimentally
[Figure: Code, Data, Stack]
7
Embedding a CFG Edge
Traditional indirect jump:
    jmp r1
    ...
    dest:
    ...
    ?
New ISA: checked jump and label:
    jmpc r1, 50
    ...
    cfilabel 60
    ...
    cfilabel 50
    ...
8
Semantics
jmpc r1, L:
    cfi_register = L;
    jmp r1
cfilabel L:
    if (cfi_register == L) cfi_register = 0
before any instruction except cfilabel:
    if (cfi_register != 0) cfi_exception()
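The checked-jump semantics on the Semantics slide, written out as a small C simulator. This is an added example, not code from the presentation; the toy instruction encoding, `cfi_run`, `demo_run` and the sample program are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Toy instruction set (assumption): only what the check needs. */
enum op { OP_NOP, OP_CFILABEL, OP_JMPC, OP_HALT };
struct insn { enum op op; uint32_t label; };  /* label: operand of cfilabel/jmpc */
enum result { RUN_HALTED, RUN_CFI_EXCEPTION, RUN_BAD_PC, RUN_STEP_LIMIT };

/* Run prog from index 0. r1 is the target taken by every jmpc, i.e. the
 * value an attacker who controls data memory may have overwritten. */
enum result cfi_run(const struct insn *prog, size_t n, size_t r1)
{
    uint32_t cfi_register = 0;                /* 0 means no check pending */
    size_t pc = 0;

    for (int step = 0; step < 1000; step++) { /* bound backward-jump loops */
        if (pc >= n)
            return RUN_BAD_PC;
        const struct insn *i = &prog[pc];
        if (i->op == OP_CFILABEL) {           /* cfilabel L */
            if (cfi_register == i->label)
                cfi_register = 0;             /* labels match: edge accepted */
            pc++;
            continue;
        }
        if (cfi_register != 0)                /* before any other instruction */
            return RUN_CFI_EXCEPTION;
        if (i->op == OP_HALT)
            return RUN_HALTED;
        if (i->op == OP_JMPC) {               /* jmpc r1, L */
            cfi_register = i->label;
            pc = r1;
        } else {
            pc++;
        }
    }
    return RUN_STEP_LIMIT;
}

/* Constructed program: the jmpc at index 1 carries label 50, so index 6
 * (cfilabel 50) is its only accepted destination. */
static const struct insn demo[] = {
    {OP_NOP, 0}, {OP_JMPC, 50}, {OP_NOP, 0}, {OP_CFILABEL, 60}, {OP_NOP, 0},
    {OP_HALT, 0}, {OP_CFILABEL, 50}, {OP_NOP, 0}, {OP_HALT, 0},
};

enum result demo_run(size_t r1) { return cfi_run(demo, sizeof demo / sizeof demo[0], r1); }

int main(void) { return demo_run(6) == RUN_HALTED && demo_run(3) == RUN_CFI_EXCEPTION ? 0 : 1; }
```

Landing on `cfilabel 60` (index 3) does not fault at the label itself; the mismatch leaves `cfi_register` set and the next instruction raises the exception. Label value 0 cannot name a CFG edge under these semantics, because 0 means no check is pending.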
9
Evaluation
[Figure: evaluation toolchain. Components shown: Spec2k sources, Alpha CC, binary, Squeeze++ binary rewriter, instrumentation algorithm, instrumented binary, Sim-alpha simulator, Linux, performance data]
10
CFI Execution Overhead
11
Outline
– Control-Flow Integrity
– XFI: Protecting Modules
– Conclusions
12
XFI Motivation
[Figure: OS kernel and driver in Ring 0 (high privilege); single address space; kernel heap; shared data structure]
13
XFI Address Spaces
[Figure: host system and XFI module. Labels: Data, R/O Data, R/W Data, Stacks, Code, Entry points, Host heap, Fastpath region, A, B, Slowpath region]
14
Memory Bounds Checks
[Figure: host system and XFI module. Labels: Data, R/O Data, R/W Data, Code, Host heap, A, B; the value 2 stored at x]
Store:
    *(int*)x = 2;
With bounds checks:
    if (x < A + 0) goto SlowpathCheck;
    if (B - sizeof(int) < x) goto SlowpathCheck;
  retfromSlowCheck:
    *(int*)x = 2;
15
ISA Support for XFI
mrguard $r, L, H:
    if ($r < $a + L) XFI_exception()
    if ($b - H < $r) XFI_exception()
[Figure: range [$r - L, $r + H) inside [$a, $b), with A, B, $r, L, H marked]
16
Evaluation
[Figure: evaluation toolchain. Components shown: Mediabench sources, Alpha CC, assembly, hand instrument, object files, link, kernel, instrumented binary, Sim-alpha simulator, Linux, performance data]
17
Bounds Checks Overhead
18
Advantages of ISA Support
Compared with software solutions:
– Reduce executable size
– Reduce pressure on fetch structures (I-cache, trace cache, branch predictors)
– Decrease register pressure (no intermediate results)
– Do not pollute condition flags
– Do not pollute the data cache to fetch code label [CFI only]
19
Conclusions
– ISA support is very simple
– ISA support does not stretch critical hw resources
– ISA support can reduce the cost of CFI and XFI enforcement
20
Backup Slides
21
MSR Silicon Valley
22
Our Neighbors
[Figure labels: Google, NASA AMES, Microsoft SVC]
23
We're Going Into Architecture
24
We're Hiring Computer Architects
– Exciting research opportunities
– A chance to influence industry
– A lot of creative freedom
– A great interdisciplinary team
– A brand new research group
– A great location
research.microsoft.com/aboutmsr/labs/siliconvalley
25
CFI & XFI Toolchain
[Figure: toolchain. Components shown: program, compiler, executable, debugging information, binary rewriter, instrumentation algorithm, safe executable, verifier, unsafe code, safe code, execution, trusted computing base]
26
CFI Software Implementation
ISA instructions:
    jmpc r1, 50
    ...
    cfilabel 50
    ...
Software implementation:
    if (*r1 != 50) then goto error;
    goto r1+4;
    ...
    data 50
    ...
27
CFI Binary Size Increase