DOI: 10.1145/2046707.2046713

Combining control-flow integrity and static analysis for efficient and validated data sandboxing

Published: 17 October 2011

Abstract

In many software attacks, inducing an illegal control-flow transfer in the target system is one common step. Control-Flow Integrity (CFI) protects a software system by enforcing a pre-determined control-flow graph. In addition to providing strong security, CFI enables static analysis on low-level code. This paper evaluates whether CFI-enabled static analysis can help build efficient and validated data sandboxing. Previous systems generally sandbox memory writes for integrity, but avoid protecting confidentiality because of the high overhead of sandboxing memory reads. To reduce overhead, we have implemented a series of optimizations that remove sandboxing instructions when static analysis proves them unnecessary. On top of CFI, our system adds only 2.7% runtime overhead on SPECint2000 for sandboxing memory writes and a modest 19% for sandboxing both reads and writes. We have also built a principled data-sandboxing verifier based on range analysis. The verifier checks the safety of the optimizer's output, which removes the need to trust the rewriter and optimizer. Our results show that the combination of CFI and static analysis has the potential to bring down the cost of general inlined reference monitors while maintaining strong security.
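The pipeline the abstract describes (a rewriter that inserts sandboxing instructions, a range-analysis optimizer that removes the ones it can prove unnecessary, and an independent range-analysis verifier that re-checks the optimized code) can be modelled in a few dozen lines. The following is an added, deliberately simplified example and not the paper's code: the tiny instruction IR, the sandbox layout (BASE, SIZE), the guard-zone size (GUARD), the mask-immediately-before-access pairing produced by the rewriter, and the sample block are all assumptions made for illustration. The model analyses one basic block with unknown register values at entry; the paper's analysis is more precise than this.

```python
"""Simplified model of CFI-enabled data sandboxing: a naive rewriter that
masks every memory access, a range-analysis optimizer that drops masks it
can prove redundant, and an independent verifier that re-checks the result.
Added example, not the paper's code; IR, region layout and guard zone are
assumptions."""
from typing import Dict, List, Optional, Tuple

# Assumed sandbox layout: a 2^28-byte, 2^28-aligned data region with an
# unmapped guard zone on either side, so a small constant offset from a
# masked pointer cannot leave the region.
BASE = 0x20000000
SIZE = 1 << 28
GUARD = 4096
WORD_MAX = (1 << 32) - 1

Range = Tuple[int, int]          # inclusive interval of unsigned 32-bit values
TOP: Range = (0, WORD_MAX)       # nothing known about the register
MASKED: Range = (BASE, BASE + SIZE - 1)
Env = Dict[str, Range]
Instr = tuple
# Assumed IR: ("mov", r, imm) r=imm | ("add", r, imm) r+=imm | ("mov_reg", d, s) d=s
#   ("load"/"store", r, off) access [r+off] | ("mask", r) r=(r&(SIZE-1))|BASE


def step(env: Env, ins: Instr) -> Env:
    """Abstract transfer function: register ranges after executing ins."""
    env = dict(env)
    op = ins[0]
    if op == "mov":
        env[ins[1]] = (ins[2], ins[2])
    elif op == "add":
        lo, hi = env.get(ins[1], TOP)
        lo, hi = lo + ins[2], hi + ins[2]
        env[ins[1]] = (lo, hi) if 0 <= lo and hi <= WORD_MAX else TOP  # wraparound: give up
    elif op == "mov_reg":
        env[ins[1]] = env.get(ins[2], TOP)
    elif op == "mask":
        env[ins[1]] = MASKED
    return env                    # loads and stores leave registers unchanged


def in_bounds(env: Env, reg: str, off: int) -> bool:
    """Every address [reg+off] can take lies inside the region or its guards."""
    lo, hi = env.get(reg, TOP)
    return BASE - GUARD <= lo + off and hi + off < BASE + SIZE + GUARD


def instrument(block: List[Instr]) -> List[Instr]:
    """Naive rewriter: one mask immediately before every memory access."""
    out: List[Instr] = []
    for ins in block:
        if ins[0] in ("load", "store"):
            out.append(("mask", ins[1]))
        out.append(ins)
    return out


def optimize(block: List[Instr]) -> List[Instr]:
    """Drop a mask when the access it guards is already provably in bounds.
    Entry state is TOP: CFI guarantees control enters only at the block's
    label, but this model assumes nothing about the caller's registers."""
    env: Env = {}
    out: List[Instr] = []
    for i, ins in enumerate(block):
        nxt = block[i + 1] if i + 1 < len(block) else None
        if (ins[0] == "mask" and nxt and nxt[0] in ("load", "store")
                and nxt[1] == ins[1] and in_bounds(env, nxt[1], nxt[2])):
            continue              # redundant; the analysis state is NOT narrowed
        env = step(env, ins)
        out.append(ins)
    return out


def verify(block: List[Instr], entry: int = 0) -> Optional[int]:
    """Independent checker: index of the first access that is not provably in
    bounds when execution starts at `entry` with unknown registers, or None.
    It trusts neither the rewriter nor the optimizer, only the transfer function."""
    env: Env = {}
    for i in range(entry, len(block)):
        ins = block[i]
        if ins[0] in ("load", "store") and not in_bounds(env, ins[1], ins[2]):
            return i
        env = step(env, ins)
    return None


def count_masks(block: List[Instr]) -> int:
    return sum(1 for ins in block if ins[0] == "mask")


# Constructed sample block: a pointer from the caller, field accesses through
# it, a constant address inside the region, then a large stride.
SAMPLE: List[Instr] = [
    ("mov_reg", "eax", "ecx"),
    ("load", "eax", 0), ("load", "eax", 8), ("store", "eax", 16),
    ("mov", "ebx", BASE + 0x100), ("store", "ebx", 4),
    ("add", "eax", 0x100000), ("load", "eax", 0),
]

if __name__ == "__main__":
    naive = instrument(SAMPLE)
    opt = optimize(naive)
    print("masks:", count_masks(naive), "->", count_masks(opt))            # 5 -> 2
    print("optimized block verifies:", verify(opt) is None)                  # True
    print("all masks stripped, first bad access:",
          verify([i for i in opt if i[0] != "mask"]))                        # 1
    print("entering past the first mask (no CFI), first bad access:",
          verify(opt, entry=2))                                              # 2
```

Two points the run makes concrete. The verifier does not reason about what the optimizer did: it simply re-derives ranges over whatever block it is handed, so a bogus optimization (here, stripping every mask) is rejected at the first unprovable access. And the `entry=2` call shows why CFI is the precondition for the whole scheme: if control could land after the first mask, the accesses whose masks were removed are no longer covered, so without a guarantee on control flow the optimizer's removals would be unsound.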



Published In

CCS '11: Proceedings of the 18th ACM conference on Computer and communications security
October 2011
742 pages
ISBN:9781450309486
DOI:10.1145/2046707
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. binary rewriting
  2. control-flow integrity
  3. inlined reference monitors
  4. static analysis

Qualifiers

  • Research-article

Conference

CCS'11

Acceptance Rates

CCS '11 Paper Acceptance Rate 60 of 429 submissions, 14%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%


Article Metrics

  • Downloads (Last 12 months)48
  • Downloads (Last 6 weeks)8
Reflects downloads up to 12 Dec 2024

Cited By
  • Bitmap-Based Security Monitoring for Deeply Embedded Systems. ACM Transactions on Software Engineering and Methodology 33(7):1-31, 18 June 2024. DOI: 10.1145/3672460
  • μCFI: Formal Verification of Microarchitectural Control-flow Integrity. Proceedings of the 2024 ACM SIGSAC Conference on Computer and Communications Security, pages 213-227, 2 December 2024. DOI: 10.1145/3658644.3690344
  • LightZone: Lightweight Hardware-Assisted In-Process Isolation for ARM64. Proceedings of the 25th International Middleware Conference, pages 467-480, 2 December 2024. DOI: 10.1145/3652892.3700786
  • Lightweight Fault Isolation: Practical, Efficient, and Secure Software Sandboxing. Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2, pages 649-665, 27 April 2024. DOI: 10.1145/3620665.3640408
  • A Cocktail Approach to Practical Call Graph Construction. Proceedings of the ACM on Programming Languages 7(OOPSLA2):1001-1033, 16 October 2023. DOI: 10.1145/3622833
  • CGuard: Scalable and Precise Object Bounds Protection for C. Proceedings of the 32nd ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 1307-1318, 12 July 2023. DOI: 10.1145/3597926.3598137
  • WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches. 2023 IEEE Symposium on Security and Privacy (SP), pages 1271-1288, May 2023. DOI: 10.1109/SP46215.2023.10179433
  • Enriching the Semantics of Information Flow Tracking with Source-Level Memory Allocation Event Logging. 2023 IEEE Conference on Dependable and Secure Computing (DSC), pages 1-10, 7 November 2023. DOI: 10.1109/DSC61021.2023.10354156
  • Isolation without taxation: near-zero-cost transitions for WebAssembly and SFI. Proceedings of the ACM on Programming Languages 6(POPL):1-30, 12 January 2022. DOI: 10.1145/3498688
  • SigGuard: Hardening Vulnerable Signal Handling in Commodity Operating Systems. 2022 41st International Symposium on Reliable Distributed Systems (SRDS), pages 237-249, September 2022. DOI: 10.1109/SRDS55811.2022.00030
