HW-CDI: Hard-Wired Control Data Integrity

Yongsuk Lee, Gyungho Lee

Research output: Contribution to journalArticlepeer-review

3 Citations (Scopus)

Abstract

Ensuring that a program follows an uncompromised control flow at the machine instruction level can provide sound protection from control flow attacks that transfer a control flow to the attacker's flow during program execution. This paper proposes an enhanced control data protection for control flow integrity called hard wired control data integrity (HW-CDI). The HW-CDI hides the control data via encoding with a key and requires proper decoding with the key for a correct control flow transfer. A unique aspect of HW-CDI is that this key changes in terms of not only the location but also the value of the control data. This paper describes the features necessary to make HW-CDI, an effective approach for securing program control flows with low-performance overhead. More specifically, this paper describes how to incorporate the HW-CDI into the processor's instruction pipeline so that it becomes an integral part of indirect branch instruction execution. It also provides information on how to generate the encoding/decoding keys without additional instrumented code. The HW-CDI is able to differentiate control flow transfer instances, providing context-based protection at negligible performance overhead.

Original languageEnglish
Article number8606926
Pages (from-to)10811-10822
Number of pages12
JournalIEEE Access
Volume7
DOIs
Publication statusPublished - 2019

Keywords

  • Control data
  • control flow integrity
  • indirect branch
  • instruction set architecture
  • software security

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Fingerprint Dive into the research topics of 'HW-CDI: Hard-Wired Control Data Integrity'. Together they form a unique fingerprint.

Cite this