Abstract | ||
---|---|---|
AbstractControl-Flow Integrity (CFI) is an effective defense technique against a variety of memory-based cyber attacks. CFI is usually enforced through software methods, which entail considerable performance overhead. Hardware-based CFI techniques can largely avoid performance overhead, but typically rely on code instrumentation, forming a non-trivial hurdle to the application of CFI. Taking advantage of the tradeoff between computing efficiency and flexibility of FPGA, we develop FastCFI, an FPGA-based CFI system that can perform fine-grained and stateful checking without code instrumentation. We also propose an automated Verilog generation technique that facilitates fast deployment of FastCFI, and a compression algorithm for reducing the hardware expense. Experiments on popular benchmarks confirm that FastCFI can detect fine-grained CFI violations over unmodified binaries. When using FastCFI on prevalent benchmarks, we demonstrate its capability to detect fine-grained CFI violations in unmodified binaries, while incurring an average of 0.36% overhead and a maximum of 2.93% overhead. |
Year | DOI | Venue |
---|---|---|
2021 | 10.1145/3458471 | ACM Transactions on Design Automation of Electronic Systems |
Keywords | DocType | Volume |
Control-flow integrity, field-programmable gate array, security | Journal | 26 |
Issue | ISSN | Citations |
5 | 1084-4309 | 0 |
PageRank | References | Authors |
0.34 | 0 | 4 |
Name | Order | Citations | PageRank |
---|---|---|---|
Lang Feng | 1 | 0 | 0.34 |
Jeff Huang | 2 | 277 | 21.02 |
Jiang Hu | 3 | 668 | 65.67 |
Abhijith Reddy | 4 | 0 | 0.34 |