Taming transactions: Towards hardware-assisted control flow integrity using transactional memory

Marius Muench, Fabio Pagani, Yan Shoshitaishvili, Christopher Kruegel, Giovanni Vigna, Davide Balzarotti

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Scopus citations

Abstract

Control Flow Integrity (CFI) is a promising defense technique against code-reuse attacks. While proposals to use hardware features to support CFI already exist, there is still a growing demand for an architectural CFI support on commodity hardware. To tackle this problem, in this paper we demonstrate that the Transactional Synchronization Extensions (TSX) recently introduced by Intel in the x86-64 instruction set can be used to support CFI. The main idea of our approach is to map control flow transitions into transactions. This way, violations of the intended control flow graphs would then trigger transactional aborts, which constitutes the core of our TSX-based CFI solution. To prove the feasibility of our technique, we designed and implemented two coarse-grained CFI proof-of-concept implementations using the new TSX features. In particular, we show how hardware-supported transactions can be used to enforce both loose CFI (which does not need to extract the control flow graph in advance) and strict CFI (which requires pre-computed labels to achieve a better precision). All solutions are based on a compile-time instrumentation. We evaluate the effectiveness and overhead of our implementations to demonstrate that a TSX-based implementation contains useful concepts for architectural control flow integrity support.

Original languageEnglish (US)
Title of host publicationResearch in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Proceedings
EditorsMarc Dacier, Fabian Monrose, Gregory Blanc, Joaquin Garcia-Alfaro
PublisherSpringer Verlag
Pages24-48
Number of pages25
ISBN (Print)9783319457185
DOIs
StatePublished - Jan 1 2016
Event19th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2016 - Paris, France
Duration: Sep 19 2016Sep 21 2016

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9854 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other19th International Symposium on Research in Attacks, Intrusions, and Defenses, RAID 2016
CountryFrance
CityParis
Period9/19/169/21/16

Keywords

  • Binary hardening
  • Control flow integrity
  • Intel® TSX
  • Software security
  • Transactional memory

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'Taming transactions: Towards hardware-assisted control flow integrity using transactional memory'. Together they form a unique fingerprint.

  • Cite this

    Muench, M., Pagani, F., Shoshitaishvili, Y., Kruegel, C., Vigna, G., & Balzarotti, D. (2016). Taming transactions: Towards hardware-assisted control flow integrity using transactional memory. In M. Dacier, F. Monrose, G. Blanc, & J. Garcia-Alfaro (Eds.), Research in Attacks, Intrusions, and Defenses - 19th International Symposium, RAID 2016, Proceedings (pp. 24-48). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9854 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-45719-2_2