IBV-CFI: Efficient fine-grained control-flow integrity preserving CFG precision
DC Field | Value | Language |
---|---|---|
dc.contributor.author | Jang, Hyerean | - |
dc.contributor.author | Park, Moon Chan | - |
dc.contributor.author | Lee, Dong Hoon | - |
dc.date.accessioned | 2021-08-30T20:31:17Z | - |
dc.date.available | 2021-08-30T20:31:17Z | - |
dc.date.created | 2021-06-18 | - |
dc.date.issued | 2020-07 | - |
dc.identifier.issn | 0167-4048 | - |
dc.identifier.uri | https://scholar.korea.ac.kr/handle/2021.sw.korea/54924 | - |
dc.description.abstract | Control-flow integrity (CFI) is a software security solution that prevents software attacks such as controlflow hijacking by restricting the indirect control-flow transfers (ICT) to a pre-computed control-flow graph (CFG). Since the validity of ICTs are determined based on CFG on the CFI mechanism, CFG precision is an important factor in determining CFI security level. However, checking the validity of ICTs based on a precise CFG can incur significant runtime overhead. For this reason, many existing CFI schemes have used a runtime check mechanism that compromises the precision of the CFG. In this paper, we present an Index-based Bit Vector Control-Flow Integrity scheme (IBV-CFI), which performs an efficient runtime check while preserving CFG precision. IBV-CFI generates independent bit vectors for all ICTs and stores a valid target set for each ICT in the bit vector. Independent bit vectors accurately reflect the CFG, so they do not compromise the precision of CFG. In addition, it is possible to determine the validity of the target of the indirect branch through a simple bit value comparison, which enables an efficient runtime check. We implemented a prototype model, IBV-CFI, and performed performance measurements using the SPEC CPU 2017 benchmarks and three real-world applications. The results show that IBV-CFI introduces approximately 1.42% performance overhead. (C) 2020 Elsevier Ltd. All rights reserved. | - |
dc.language | English | - |
dc.language.iso | en | - |
dc.publisher | ELSEVIER ADVANCED TECHNOLOGY | - |
dc.title | IBV-CFI: Efficient fine-grained control-flow integrity preserving CFG precision | - |
dc.type | Article | - |
dc.contributor.affiliatedAuthor | Lee, Dong Hoon | - |
dc.identifier.doi | 10.1016/j.cose.2020.101828 | - |
dc.identifier.scopusid | 2-s2.0-85084070566 | - |
dc.identifier.wosid | 000536764600014 | - |
dc.identifier.bibliographicCitation | COMPUTERS & SECURITY, v.94 | - |
dc.relation.isPartOf | COMPUTERS & SECURITY | - |
dc.citation.title | COMPUTERS & SECURITY | - |
dc.citation.volume | 94 | - |
dc.type.rims | ART | - |
dc.type.docType | Article | - |
dc.description.journalClass | 1 | - |
dc.description.journalRegisteredClass | scie | - |
dc.description.journalRegisteredClass | scopus | - |
dc.relation.journalResearchArea | Computer Science | - |
dc.relation.journalWebOfScienceCategory | Computer Science, Information Systems | - |
dc.subject.keywordAuthor | Control-flow integrity | - |
dc.subject.keywordAuthor | Control-flow hijacking | - |
dc.subject.keywordAuthor | Software security | - |
dc.subject.keywordAuthor | Security | - |
dc.subject.keywordAuthor | Computer architecture | - |
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.
(02841) 서울특별시 성북구 안암로 14502-3290-1114
COPYRIGHT © 2021 Korea University. All Rights Reserved.
Certain data included herein are derived from the © Web of Science of Clarivate Analytics. All rights reserved.
You may not copy or re-distribute this material in whole or in part without the prior written consent of Clarivate Analytics.