HW-CDI: Hard-Wired Control Data Integrity

Ensuring that a program follows an uncompromised control flow at the machine instruction level can provide sound protection from control flow attacks that transfer a control flow to the attacker's flow during program execution. This paper proposes an enhanced control data protection for control...

Detailed description

Bibliographic details
Published in: IEEE access 2019, Vol.7, p.10811-10822
Main authors: Lee, Yongsuk, Lee, Gyungho
Format: Article
Language: eng
Online access: Full text
container_end_page 10822
container_issue
container_start_page 10811
container_title IEEE access
container_volume 7
creator Lee, Yongsuk
Lee, Gyungho
description Ensuring that a program follows an uncompromised control flow at the machine instruction level can provide sound protection from control flow attacks that transfer a control flow to the attacker's flow during program execution. This paper proposes an enhanced control data protection for control flow integrity called hard-wired control data integrity (HW-CDI). The HW-CDI hides the control data via encoding with a key and requires proper decoding with the key for a correct control flow transfer. A unique aspect of HW-CDI is that this key changes in terms of not only the location but also the value of the control data. This paper describes the features necessary to make HW-CDI an effective approach for securing program control flows with low performance overhead. More specifically, this paper describes how to incorporate the HW-CDI into the processor's instruction pipeline so that it becomes an integral part of indirect branch instruction execution. It also provides information on how to generate the encoding/decoding keys without additional instrumented code. The HW-CDI is able to differentiate control flow transfer instances, providing context-based protection at negligible performance overhead.
doi_str_mv 10.1109/ACCESS.2019.2891762
format Article
publisher Piscataway: IEEE
rights Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2019
coden IAECCG
ieee_id 8606926
orcid https://orcid.org/0000-0002-2825-370X
tpages 12
oa free_for_read
fulltext fulltext
identifier ISSN: 2169-3536
ispartof IEEE access, 2019, Vol.7, p.10811-10822
issn 2169-3536
2169-3536
language eng
recordid cdi_proquest_journals_2455607678
source IEEE Open Access Journals; DOAJ Directory of Open Access Journals; EZB-FREE-00999 freely available EZB journals
subjects Control data
Control data (computers)
control flow integrity
Data integrity
Decoding
Encoding
Encoding-Decoding
Hardware
indirect branch
instruction set architecture
Instruments
Integrity
Microprocessors
Process control
Software
software security
Stability
title HW-CDI: Hard-Wired Control Data Integrity
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-08T11%3A11%3A54IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=HW-CDI:%20Hard-Wired%20Control%20Data%20Integrity&rft.jtitle=IEEE%20access&rft.au=Lee,%20Yongsuk&rft.date=2019&rft.volume=7&rft.spage=10811&rft.epage=10822&rft.pages=10811-10822&rft.issn=2169-3536&rft.eissn=2169-3536&rft.coden=IAECCG&rft_id=info:doi/10.1109/ACCESS.2019.2891762&rft_dat=%3Cproquest_cross%3E2455607678%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2455607678&rft_id=info:pmid/&rft_ieee_id=8606926&rft_doaj_id=oai_doaj_org_article_d3b408617da84d1d8be83e883d74aafd&rfr_iscdi=true