Controlling your control flow graph

Arun Kanuparthi, Jeyavijayan Rajendran, Ramesh Karri

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Code Reuse Attacks (CRAs) are software exploits in which an attacker directs program control flow through existing code without injecting malicious code to achieve his objective. In this paper, we propose Dynamic Sequence Checker (DSC), a framework to verify the validity of control flow between basic blocks in the program. Unique codes are assigned to every basic block in the program at compile time in such a way that the Hamming distance between two legally connected basic blocks is a known constant. At runtime, the Hamming distance between the codes assigned to the source and destination basic blocks is calculated and compared against the known constant to verify the control flow. Execution is aborted if the Hamming distance comparison does not match. We implemented DSC on a cycle-accurate x86 simulator. DSC has been able to detect all the CRA gadgets reported by the ROPGadget tool. The average performance overhead is 4.7% over a baseline processor.

Original language: English (US)
Title of host publication: Proceedings of the 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 43-48
Number of pages: 6
ISBN (Electronic): 9781467388252
DOIs: https://doi.org/10.1109/HST.2016.7495554
State: Published - Jun 20 2016
Event: 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016 - McLean, United States
Duration: May 3 2016 → May 5 2016

Other

Other: 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016
Country: United States
City: McLean
Period: 5/3/16 → 5/5/16

Fingerprint

Flow graphs
Hamming distance
Flow control
Simulators

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Hardware and Architecture
  • Safety, Risk, Reliability and Quality

Cite this

Kanuparthi, A., Rajendran, J., & Karri, R. (2016). Controlling your control flow graph. In Proceedings of the 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016 (pp. 43-48). [7495554] Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/HST.2016.7495554

@inproceedings{cb8ef18ac21f48e8ba405be5a2f02452,
title = "Controlling your control flow graph",
author = "Arun Kanuparthi and Jeyavijayan Rajendran and Ramesh Karri",
year = "2016",
month = "6",
day = "20",
doi = "10.1109/HST.2016.7495554",
language = "English (US)",
pages = "43--48",
booktitle = "Proceedings of the 2016 IEEE International Symposium on Hardware Oriented Security and Trust, HOST 2016",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
address = "United States",

}
