BGCFI: Efficient Verification in Fine-Grained Control-Flow Integrity Based on Bipartite Graph
نویسندگان
چکیده
Control-flow integrity (CFI) is considered a principled mitigation against control-flow hijacking even under the most powerful attacker who can arbitrarily write and read memory. However, existing schemes still demonstrated limitations in either guaranteeing high security level or achieving low performance memory overhead. These have restricted application of CFI real software. To improve its applicability similar to mandatory protection such as DEP ASLR, it essential both guarantee In this paper, we propose “BGCFI”, which fine-grained based on Bipartite Graph. The relationship between an indirect branch valid target address at represented by edge bipartite graph. verification achieved checking existence corresponding method for results more efficiency computational overhead, while completely preserving guarantee. We demonstrate our through implementation proof-of-concept module evaluation SPEC CPU 2017 suite Firefox browser.
منابع مشابه
Fine-Grained Control-Flow Integrity Through Binary Hardening
Applications written in low-level languages without type or memory safety are prone to memory corruption. Attackers gain code execution capabilities through memory corruption despite all currently deployed defenses. Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations. We present Lockdown, a modular,...
متن کاملModular fine-grained concurrency verification
Traditionally, concurrent data structures are protected by a single mutual exclusion lock so that only one thread may access the data structure at any time. This coarse-grained approach makes it relatively easy to reason about correctness, but it severely limits parallelism. More advanced algorithms instead perform synchronisation at a finer grain. They employ sophisticated synchronisation sche...
متن کاملFlexible and Efficient Sandboxing Based on Fine-Grained Protection Domains
Sandboxing is one of the most promising technologies for safely executing potentially malicious applications, and it is becoming an indispensable functionality of modern computer systems. Nevertheless, traditional operating systems provide no special support for sandboxing; a sandbox system is either built in the user level, or directly encoded in the kernel level. In the user-level implementat...
متن کاملVerification and refinement with fine-grained action-based concurrent objects
Action-based concurrent object-oriented programs express autonomous behavior of objects through actions that, like methods, are attached to objects but, in contrast to methods, may execute autonomously whenever their guard is true. The promise is a streamlining of the program structure by eliminating the distinction between processes and objects and a streamlining of correctness arguments. In t...
متن کاملA Fine Grained Access Control Model Based on Diverse Attributes
As the web has become a place for sharing of information and resources across varied domains, there is a need for providing authorization services in addition to authentication services provided by public key infrastructure (PKI). In distributed systems the use of attribute certificates (AC) has been explored as a solution for implementation of authorization services and their use is gaining po...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IEEE Access
سال: 2023
ISSN: ['2169-3536']
DOI: https://doi.org/10.1109/access.2023.3234184