KSII Transactions on Internet and Information Systems (TIIS)

  • 제11권1호
  • /
  • Pages.396-413
  • /
  • 2017
  • /
  • 1976-7277(pISSN)
  • /
  • 1976-7277(eISSN)
한국인터넷정보학회 (Korean Society for Internet Information)
권호 표지
DOI QR코드

DOI QR Code

Control Flow Checking at Virtual Edges

  • Liu, LiPing (Computer department, Beijing Institute of Technology) ;
  • Ci, LinLin (Computer department, Beijing Institute of Technology) ;
  • Liu, Wei (Computer department, Beijing Institute of Technology) ;
  • Yang, Hui (Computer department, Beijing Institute of Technology)
  • 투고 : 2016.10.02
  • 심사 : 2016.11.29
  • 발행 : 2017.01.31
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

Dynamically checking the integrity of software at run-time is always a hot and difficult spot for trusted computing. Control-flow integrity is a basic and important safety property of software integrity. Many classic and emerging security attacks who introduce illegal control-flow to applications can cause unpredictable behaviors of computer-based systems. In this paper, we present a software-based approach to checking violation of control flow integrity at run-time. This paper proposes a high-performance and low-overhead software control flow checking solution, control flow checking at virtual edges (CFCVE). CFCVE assigns a unique signature to each basic block and then inserts a virtual vertex into each edge at compile time. This together with insertion of signature updating instructions and checking instructions into corresponding vertexes and virtual vertexes. Control flow faults can be detected by comparing the run-time signature with the saved one at compile time. Our experimental results show that CFCVE incurs only 10.61% performance overhead on average for several C benchmark programs and the average undetected error rate is only 9.29%. Compared with previous techniques, CFCVE has the characteristics of both high fault coverage and low memory and performance overhead.

키워드

참고문헌

  1. Chen K, Liu H Y, Chen X S, "Detecting LDoS Attacks based on Abnormal Network Traffic [J]," Ksii Transactions on Internet & Information Systems, 6(7):1831-1853, 2012. https://doi.org/10.3837/tiis.2012.07.007
  2. Ktas E, Athanasopoulos E, Bos H, et al., "Out of Control: Overcoming Control-Flow Integrity[C]," IEEE Symposium on Security and Privacy. IEEE Computer Society, 575-589, 2014.
  3. Davi L, Sadeghi A R, Winandy M., "Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks.[C]," ACM Workshop on Scalable Trusted Computing, Stc 2009, Chicago, Illinois, Usa, 49-54, November. 2009.
  4. Nagarajan A, Varadharajan V., "Dynamic trust enhanced security model for trusted platform based services [J]," Future Generation Computer Systems, 27(5):564-573, 2011. https://doi.org/10.1016/j.future.2010.10.008
  5. Winter J, Dietrich K., "A hijacker's guide to communication interfaces of the trusted platform module [J]," Computers & Mathematics with Applications, 65(5):748-761, 2013. https://doi.org/10.1016/j.camwa.2012.06.018
  6. Kanuparthi A K, Zahran M, Karri R., "Architecture Support for Dynamic Integrity Checking[J]," IEEE Transactions on Information Forensics & Security, 7(7):321-332, 2012. https://doi.org/10.1109/TIFS.2011.2166960
  7. Muthukumaran D, Schiffman J, Hassan M, et al., "Protecting the integrity of trusted applications in mobile phone systems [J]," Security & Communication Networks, 4(6):633-650, 2011. https://doi.org/10.1002/sec.194
  8. Shacham H., "The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)[C]," in Proc. of ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, Usa, 552-561, October. 2007.
  9. Bhattacharya K, Ranganathan N., "RADJAM: A Novel Approach for Reduction of Soft Errors in Logic Circuits.[C]," in Proc. of International Conference on Vlsi Design, 453-458, 2009.
  10. Saxena N R, Mccluskey E J., "Control-Flow Checking Using Watchdog Assists and Extended-Precision Checksums[J]," Computers IEEE Transactions on, 39(4):554-559, 1990. https://doi.org/10.1109/12.54849
  11. Rajabzadeh A, Miremadi S G., "A Hardware Approach to Concurrent Error Detection Capability Enhancement in COTS Processors[C]," Pacific Rim International Symposium on Dependable Computing, 2005. Proceedings. IEEE, 83-90, 2005.
  12. Jafari-Nodoushan M, Miremadi S G, and Ejlali A., "Control-Flow Checking Using Branch Instructions.[C]," Ieee/ipip International Conference on Embedded and Ubiquitous Computing, 66-72, 2008.
  13. Alkhalifa, Z, Nair, V.S.S, Krishnamurthy, N, et al., "Design and evaluation of system-level checks for on-line control flow error detection[J]," IEEE Transactions on Parallel & Distributed Systems, 10(6):627-641, 1999. https://doi.org/10.1109/71.774911
  14. Li A, Hong B., "On-line control flow error detection using relationship signatures among basic blocks[J]," Computers & Electrical Engineering, 36(1):132-141, 2010. https://doi.org/10.1016/j.compeleceng.2008.08.010
  15. Oh N, Shirvani P P, Mccluskey E J., "Control-flow checking by software signatures[J]," IEEE Transactions on Reliability, 51(1):111-122, 2002. https://doi.org/10.1109/24.994926
  16. Jian-Li L I, Tan Q P, Tan L F, et al., "A Control Flow Checking Method based on Abstract Basic Block and Formatted Signature [J]," Chinese Journal of Computers, 2014.
  17. Mu Y, Hao W, Zheng Y, et al., "Graph-tree-based software control flow checking for COTS processors on pico-satellites[J]," Chinese Journal of Aeronautics, 26(2):413-422, 2013. https://doi.org/10.1016/j.cja.2013.02.019
  18. Chielle E, Rodrigues G S, Kastensmidt F L, et al., "S-SETA: Selective Software-Only Error-Detection Technique Using Assertions [J]," IEEE Transactions on Nuclear Science, 62(6):3088-3095, 2015. https://doi.org/10.1109/TNS.2015.2484842
  19. Martinez-Alvarez A, Restrepo-Calle F, Cuenca-Asensi S, et al., "A Hardware-Software Approach for On-line Soft Error Mitigation in Interrupt-Driven Applications[J]," IEEE Transactions on Dependable & Secure Computing, 502-508, 2016.
  20. Watson M, Shirazi N, Marnerides A, et al., "Malware Detection in Cloud Computing Infrastructures[J]," IEEE Transactions on Dependable & Secure Computing, 13(2):192-205, 2016. https://doi.org/10.1109/TDSC.2015.2457918
  21. Venkatasubramanian R, Hayes J P, and Murray B T., "Low-cost on-line fault detection using control flow assertions[C]," in Proc. of On-Line Testing Symposium, Iolts. IEEE, 137-143, 2003.
  22. Goloubeva O, Rebaudengo M, Reorda M S, et al., "Soft-Error Detection Using Control Flow Assertions[J]," Nonlinear Dynamics, 77(4):581-588, 2003.
  23. Y. Sedaghat, S. G. Miremadi, M. Fazeli, "A Software-Based Error Detection Technique Using Encoded Signatures [J]," 389-400, 2006.
  24. Krishnamurthy N, Jhaveri V, and Abraham J., "A Design Methodology for Software Fault Injection in Embedded Systems [J]," 1998.
  25. Asghari S A, Taheri H, Pedram H, et al., "Software-Based Control Flow Checking Against Transient Faults in Industrial Environments [J]," IEEE Transactions on Industrial Informatics, 99(1):481-490, 2013.
  26. Vemu R, and Abraham J., "CEDA: Control-Flow Error Detection Using Assertions [J]," IEEE Transactions on Computers, 60(9):1233-1245, 2011. https://doi.org/10.1109/TC.2011.101