rho FEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings
ACSAC(2020)
Abstract
In this paper, we propose reversed forward-edge mapper (rho FEM), a Clang/LLVM compiler-based tool, to protect the backward edges of a program's control flow graph (CFG) against runtime control-flow hijacking (e.g., code reuse attacks). It protects backward-edge transfers in C/C++ originating from virtual and non-virtual functions by first statically constructing a precise virtual table hierarchy, with which to form a precise forward-edge mapping between callees and non-virtual calltargets based on precise function signatures, and then checks each instrumented callee return against the previously computed set at runtime. We have evaluated rho FEM using the Chrome browser, NodeJS, Nginx, Memcached, and the SPEC CPU2017 benchmark. Our results show that rho FEM enforces less than 2.77 return targets per callee in geomean, even for applications heavily relying on backward edges. rho FEM's runtime overhead is less than 1% in geomean for the SPEC CPU2017 benchmark and 3.44% in geomean for the Chrome browser.
Keywords
Clang/LLVM, control flow integrity, hijacking attack, cyber defense