PFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings

Paul Muntean, Mathias Neumayer, Zhiqiang Lin, Gang Tan, Jens Grossklags, Claudia Eckert

Publication: Contribution to book/report/conference proceedings, Conference contribution, Peer-reviewed

2 Citations (Scopus)

Abstract

In this paper, we propose reversed forward-edge mapper (PFEM), a Clang/LLVM compiler-based tool, to protect the backward edges of a program's control flow graph (CFG) against runtime control-flow hijacking (e.g., code reuse attacks). It protects backward-edge transfers in C/C++ originating from virtual and non-virtual functions by first statically constructing a precise virtual table hierarchy, with which to form a precise forward-edge mapping between callees and non-virtual calltargets based on precise function signatures, and then checks each instrumented callee return against the previously computed set at runtime. We have evaluated PFEM using the Chrome browser, NodeJS, Nginx, Memcached, and the SPEC CPU2017 benchmark. Our results show that PFEM enforces less than 2.77 return targets per callee in geomean, even for applications heavily relying on backward edges. PFEM's runtime overhead is less than 1% in geomean for the SPEC CPU2017 benchmark and 3.44% in geomean for the Chrome browser.

Original language: English
Title: Proceedings - 36th Annual Computer Security Applications Conference, ACSAC 2020
Publisher: Association for Computing Machinery
Pages: 466-479
Number of pages: 14
ISBN (electronic): 9781450388580
Publication status: Published - 7 Dec 2020
Event: 36th Annual Computer Security Applications Conference, ACSAC 2020 - Virtual, Online, United States
Duration: 7 Dec 2020 to 11 Dec 2020

Publication series

Name: ACM International Conference Proceeding Series

Conference

Conference: 36th Annual Computer Security Applications Conference, ACSAC 2020
Country/Territory: United States
City: Virtual, Online
Period: 7/12/20 to 11/12/20
