No-Jump-into-Basic-Block: Enforce Basic Block CFI on the Fly for Real-world Binaries.

Code-reuse attack is a growing threat to computing systems as it can circumvent existing security defenses. Fortunately, control flow integrity (CFI) is promising in defending such attack. However, former implementations generally suffer from two major drawbacks: 1) complex pre-processing to obtain control flow graph; 2) high overhead. In this paper, we propose a cross-layer approach that employs basic block information inside the binary code and read-only data to enforce fine-grained control-flow integrity. Our approach demonstrates high applicability and thorough attack detection coverage without static analysis or recompilation. Meanwhile, it can effectively protect even striped programs, while incurring negligible 0.13% performance overhead.