Browse > Article
http://dx.doi.org/10.3837/tiis.2017.01.021

Control Flow Checking at Virtual Edges  

Liu, LiPing (Computer department, Beijing Institute of Technology)
Ci, LinLin (Computer department, Beijing Institute of Technology)
Liu, Wei (Computer department, Beijing Institute of Technology)
Yang, Hui (Computer department, Beijing Institute of Technology)
Publication Information
KSII Transactions on Internet and Information Systems (TIIS) / v.11, no.1, 2017 , pp. 396-413 More about this Journal
Abstract
Dynamically checking the integrity of software at run-time is always a hot and difficult spot for trusted computing. Control-flow integrity is a basic and important safety property of software integrity. Many classic and emerging security attacks who introduce illegal control-flow to applications can cause unpredictable behaviors of computer-based systems. In this paper, we present a software-based approach to checking violation of control flow integrity at run-time. This paper proposes a high-performance and low-overhead software control flow checking solution, control flow checking at virtual edges (CFCVE). CFCVE assigns a unique signature to each basic block and then inserts a virtual vertex into each edge at compile time. This together with insertion of signature updating instructions and checking instructions into corresponding vertexes and virtual vertexes. Control flow faults can be detected by comparing the run-time signature with the saved one at compile time. Our experimental results show that CFCVE incurs only 10.61% performance overhead on average for several C benchmark programs and the average undetected error rate is only 9.29%. Compared with previous techniques, CFCVE has the characteristics of both high fault coverage and low memory and performance overhead.
Keywords
Trusted computing; Dynamic measurement; Control-flow errors; Error detection; Virtual edges;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Chen K, Liu H Y, Chen X S, "Detecting LDoS Attacks based on Abnormal Network Traffic [J]," Ksii Transactions on Internet & Information Systems, 6(7):1831-1853, 2012.   DOI
2 Ktas E, Athanasopoulos E, Bos H, et al., "Out of Control: Overcoming Control-Flow Integrity[C]," IEEE Symposium on Security and Privacy. IEEE Computer Society, 575-589, 2014.
3 Davi L, Sadeghi A R, Winandy M., "Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks.[C]," ACM Workshop on Scalable Trusted Computing, Stc 2009, Chicago, Illinois, Usa, 49-54, November. 2009.
4 Nagarajan A, Varadharajan V., "Dynamic trust enhanced security model for trusted platform based services [J]," Future Generation Computer Systems, 27(5):564-573, 2011.   DOI
5 Winter J, Dietrich K., "A hijacker's guide to communication interfaces of the trusted platform module [J]," Computers & Mathematics with Applications, 65(5):748-761, 2013.   DOI
6 Kanuparthi A K, Zahran M, Karri R., "Architecture Support for Dynamic Integrity Checking[J]," IEEE Transactions on Information Forensics & Security, 7(7):321-332, 2012.   DOI
7 Muthukumaran D, Schiffman J, Hassan M, et al., "Protecting the integrity of trusted applications in mobile phone systems [J]," Security & Communication Networks, 4(6):633-650, 2011.   DOI
8 Bhattacharya K, Ranganathan N., "RADJAM: A Novel Approach for Reduction of Soft Errors in Logic Circuits.[C]," in Proc. of International Conference on Vlsi Design, 453-458, 2009.
9 Saxena N R, Mccluskey E J., "Control-Flow Checking Using Watchdog Assists and Extended-Precision Checksums[J]," Computers IEEE Transactions on, 39(4):554-559, 1990.   DOI
10 Rajabzadeh A, Miremadi S G., "A Hardware Approach to Concurrent Error Detection Capability Enhancement in COTS Processors[C]," Pacific Rim International Symposium on Dependable Computing, 2005. Proceedings. IEEE, 83-90, 2005.
11 Jafari-Nodoushan M, Miremadi S G, and Ejlali A., "Control-Flow Checking Using Branch Instructions.[C]," Ieee/ipip International Conference on Embedded and Ubiquitous Computing, 66-72, 2008.
12 Alkhalifa, Z, Nair, V.S.S, Krishnamurthy, N, et al., "Design and evaluation of system-level checks for on-line control flow error detection[J]," IEEE Transactions on Parallel & Distributed Systems, 10(6):627-641, 1999.   DOI
13 Oh N, Shirvani P P, Mccluskey E J., "Control-flow checking by software signatures[J]," IEEE Transactions on Reliability, 51(1):111-122, 2002.   DOI
14 Jian-Li L I, Tan Q P, Tan L F, et al., "A Control Flow Checking Method based on Abstract Basic Block and Formatted Signature [J]," Chinese Journal of Computers, 2014.
15 Mu Y, Hao W, Zheng Y, et al., "Graph-tree-based software control flow checking for COTS processors on pico-satellites[J]," Chinese Journal of Aeronautics, 26(2):413-422, 2013.   DOI
16 Venkatasubramanian R, Hayes J P, and Murray B T., "Low-cost on-line fault detection using control flow assertions[C]," in Proc. of On-Line Testing Symposium, Iolts. IEEE, 137-143, 2003.
17 Shacham H., "The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)[C]," in Proc. of ACM Conference on Computer and Communications Security, CCS 2007, Alexandria, Virginia, Usa, 552-561, October. 2007.
18 Chielle E, Rodrigues G S, Kastensmidt F L, et al., "S-SETA: Selective Software-Only Error-Detection Technique Using Assertions [J]," IEEE Transactions on Nuclear Science, 62(6):3088-3095, 2015.   DOI
19 Martinez-Alvarez A, Restrepo-Calle F, Cuenca-Asensi S, et al., "A Hardware-Software Approach for On-line Soft Error Mitigation in Interrupt-Driven Applications[J]," IEEE Transactions on Dependable & Secure Computing, 502-508, 2016.
20 Watson M, Shirazi N, Marnerides A, et al., "Malware Detection in Cloud Computing Infrastructures[J]," IEEE Transactions on Dependable & Secure Computing, 13(2):192-205, 2016.   DOI
21 Goloubeva O, Rebaudengo M, Reorda M S, et al., "Soft-Error Detection Using Control Flow Assertions[J]," Nonlinear Dynamics, 77(4):581-588, 2003.
22 Y. Sedaghat, S. G. Miremadi, M. Fazeli, "A Software-Based Error Detection Technique Using Encoded Signatures [J]," 389-400, 2006.
23 Krishnamurthy N, Jhaveri V, and Abraham J., "A Design Methodology for Software Fault Injection in Embedded Systems [J]," 1998.
24 Li A, Hong B., "On-line control flow error detection using relationship signatures among basic blocks[J]," Computers & Electrical Engineering, 36(1):132-141, 2010.   DOI
25 Asghari S A, Taheri H, Pedram H, et al., "Software-Based Control Flow Checking Against Transient Faults in Industrial Environments [J]," IEEE Transactions on Industrial Informatics, 99(1):481-490, 2013.
26 Vemu R, and Abraham J., "CEDA: Control-Flow Error Detection Using Assertions [J]," IEEE Transactions on Computers, 60(9):1233-1245, 2011.   DOI