Abstract
Memory corruption is a root cause of software attacks. Existing defense mechanisms (e.g., DEP, ASLR, CFI, CPI/CPS, and DFI) either offer limited security guarantees or incur high performance overhead. In this paper, we design and implement a fast out-of-band (OOB) integrity monitor, dubbed FastDIM, that protects both applications and kernels against memory corruption attacks with low overhead. With FastDIM, the program in question is statically hardened by a compiler module. After that, the integrity of sensitive program data, both control-flow data (e.g., code pointers) and security-relevant non-control data (e.g., encryption keys), is automatically protected by a monitor at run time. FastDIM differs from related work in four aspects: 1) FastDIM offers an OOB monitor that protects programs independently rather than letting the protected programs verify themselves through an inlined reference monitor (IRM); 2) FastDIM extends the shadow-stack concept originally proposed for CFI to protect not only return addresses but also other sensitive data such as function pointers, vtable pointers, and user-annotated sensitive non-control data, so its protection goes beyond control-flow data; 3) FastDIM provides a fast communication mechanism between programs and the monitor, so that integrity checks are performed efficiently without a context switch; and 4) for better scalability and compatibility, FastDIM does not rely on link-time optimization (LTO) or cross-DSO support to handle applications with dynamically linked libraries. We implemented a kernel version and a TrustZone version of FastDIM to protect both user programs and Linux/Android kernels. The evaluation results show that the average overhead of FastDIM is 4.4% on the SPEC CPU2017 C/C++ benchmarks and around 3% on the AnTuTu benchmarks.
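The following C program is an added illustration of the shadow-copy idea the abstract describes, generalized from return addresses to any sensitive object; it is not FastDIM's code and its names (shadow_register, shadow_store, shadow_verify, struct victim) are this example's own. The main simplification is that the shadow table lives in the program's own address space, whereas FastDIM keeps it with an out-of-band monitor (kernel or TrustZone) that the hardened program cannot overwrite. The compiler-inserted write is modelled by shadow_store, the check before an indirect call or key use by shadow_verify, and the attacker's write by a constructed buffer overflow that bypasses shadow_store.

```c
/* Added example: shadow-copy integrity check for sensitive data (not FastDIM's code). */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_SLOTS     64
#define MAX_SLOT_SIZE 64

/* One protected object: address, size and a copy of its last legitimate value.
 * Assumption: in this example the table is in-process; a real OOB monitor
 * would keep it where the hardened program cannot write. */
struct shadow_entry {
    const void   *addr;
    size_t        len;
    unsigned char copy[MAX_SLOT_SIZE];
};

static struct shadow_entry shadow_table[MAX_SLOTS];
static size_t shadow_count;

static struct shadow_entry *shadow_find(const void *addr)
{
    for (size_t i = 0; i < shadow_count; i++)
        if (shadow_table[i].addr == addr)
            return &shadow_table[i];
    return NULL;
}

/* Forget all registrations so the demos below run independently. */
void shadow_reset(void) { shadow_count = 0; }

/* Register a sensitive object (code pointer, key, ...) and snapshot it.
 * Returns 0 on success, -1 if too large, table full, or already tracked. */
int shadow_register(const void *addr, size_t len)
{
    if (len > MAX_SLOT_SIZE || shadow_count >= MAX_SLOTS || shadow_find(addr))
        return -1;
    struct shadow_entry *e = &shadow_table[shadow_count++];
    e->addr = addr;
    e->len  = len;
    memcpy(e->copy, addr, len);
    return 0;
}

/* Hardened store (what the compiler emits for every legitimate update):
 * write the object and refresh its shadow copy. */
int shadow_store(void *addr, const void *value, size_t len)
{
    struct shadow_entry *e = shadow_find(addr);
    if (!e || e->len != len)
        return -1;
    memcpy(addr, value, len);
    memcpy(e->copy, value, len);
    return 0;
}

/* Hardened use: run before an indirect call or key use.
 * Returns 1 if intact, 0 if tampered, -1 if the object is not registered. */
int shadow_verify(const void *addr)
{
    const struct shadow_entry *e = shadow_find(addr);
    if (!e)
        return -1;
    return memcmp(e->addr, e->copy, e->len) == 0 ? 1 : 0;
}

/* Victim layout: an unchecked copy into buf runs straight into handler. */
struct victim {
    char buf[16];
    void (*handler)(void);
};

static int benign_calls;
static void benign_handler(void) { benign_calls++; }

/* Returns 1 if a simulated overflow of buf is caught before the indirect
 * call through handler, 0 if it slipped through, -1 on setup error. */
int demo_detects_overflow(void)
{
    struct victim v;
    void (*h)(void) = benign_handler;

    shadow_reset();
    memset(&v, 0, sizeof v);
    if (shadow_register(&v.handler, sizeof v.handler) != 0) return -1;
    if (shadow_store(&v.handler, &h, sizeof h) != 0)          return -1;

    if (shadow_verify(&v.handler) != 1) return 0;   /* legitimate path */
    v.handler();

    /* Constructed attacker write: sizeof(struct victim) bytes of 'A' copied
     * into the 16-byte buffer, overwriting handler without shadow_store.
     * This is only the memory effect of an overflow, not a real exploit. */
    unsigned char payload[sizeof(struct victim)];
    memset(payload, 'A', sizeof payload);
    memcpy(&v, payload, sizeof payload);

    /* The mismatch is detected; the corrupted pointer is never called. */
    return shadow_verify(&v.handler) == 0 ? 1 : 0;
}

/* Non-control data: a legitimate rekey stays verifiable, a direct overwrite
 * of one byte (e.g. through a dangling pointer) is flagged. 1 if both hold. */
int demo_key_integrity(void)
{
    unsigned char key[16], fresh[16];

    shadow_reset();
    memset(key, 0x11, sizeof key);
    memset(fresh, 0x22, sizeof fresh);
    if (shadow_register(key, sizeof key) != 0)     return -1;
    if (shadow_store(key, fresh, sizeof key) != 0) return -1;
    if (shadow_verify(key) != 1)                   return 0;

    key[5] ^= 0xff;                 /* constructed corruption bypassing shadow_store */
    return shadow_verify(key) == 0 ? 1 : 0;
}

int main(void)
{
    printf("overflow detected: %d\n", demo_detects_overflow());
    printf("key integrity:     %d\n", demo_key_integrity());
    return 0;
}
```

The check itself is a byte comparison against the shadow copy, so its cost is independent of how the object was corrupted; what an OOB design like FastDIM adds on top of this sketch is that the shadow table is unreachable from the protected address space and that the store/verify requests reach the monitor without a context switch.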
Acknowledgements
We sincerely thank reviewers for their insightful feedback. This work was supported in part by NSFC Award #61972200.
Copyright information
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Huang, J., Xue, S., Wang, C. (2022). Fast Out-of-Band Data Integrity Monitor to Mitigate Memory Corruption Attacks. In: Ge, C., Guo, F. (eds) Provable and Practical Security. ProvSec 2022. Lecture Notes in Computer Science, vol 13600. Springer, Cham. https://doi.org/10.1007/978-3-031-20917-8_10
DOI: https://doi.org/10.1007/978-3-031-20917-8_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-20916-1
Online ISBN: 978-3-031-20917-8
eBook Packages: Computer Science; Computer Science (R0)