Affiliation:
1. UNSW Sydney Macau University of Science and Technology, Macau, China
2. Huawei Toronto Research Center, Markham, ON, Canada
3. UNSW Sydney, NSW, Australia
Abstract
Control-Flow Integrity (CFI) techniques often focus on protecting forward edges and assume that backward edges are protected by shadow stacks. However, software-based shadow stacks that provide performance, security, and compatibility at the same time are still hard to obtain, leaving an important security gap on x86-64. In this article, we introduce a simple, efficient, and effective parallel shadow stack design (based on LLVM), FlashStack, for protecting return addresses in single- and multi-threaded programs running under 64-bit Linux on x86-64, with three distinctive features. First, we introduce a novel dual-prologue approach that enables a protected function to thwart the TOCTTOU attacks constructed by Microsoft's red team, which led to the deprecation of Microsoft's RFG. Second, we design a new mapping mechanism, Segment+Rsp-S, to allow the parallel shadow stack to be accessed efficiently while satisfying the constraints of arch_prctl() and ASLR in 64-bit Linux. Finally, we introduce a lightweight inspection mechanism, SideChannel-K, to further harden FlashStack by detecting entropy-reduction attacks efficiently and protecting the parallel shadow stack effectively with a 10-ms shuffling policy. Our evaluation on SPEC CPU2006, Nginx, and Firefox shows that FlashStack can provide high performance, meaningful security, and reasonable compatibility for server- and client-side programs on x86-64.
Funder
Australian Research Council
UNSW-Huawei
Publisher
Association for Computing Machinery (ACM)
Subject
Hardware and Architecture, Information Systems, Software
Cited by 4 articles.
1. GuiDiv: Mitigating Code-reuse Attack in an IoT Cluster Using Guided Control Flow Diversification;2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom);2023-11-01
2. VMCanary: Effective Memory Protection for WebAssembly via Virtual Machine-assisted Approach;2023 IEEE 23rd International Conference on Software Quality, Reliability, and Security (QRS);2023-10-22
3. Thread-Level Attack-Surface Reduction;Proceedings of the 24th ACM SIGPLAN/SIGBED International Conference on Languages, Compilers, and Tools for Embedded Systems;2023-06-13
4. Stack Data Protection Mechanism for LLVM Intermediate Representation;2023 5th International Conference on Communications, Information System and Computer Engineering (CISCE);2023-04-14