Toward Taming the Overhead Monster for Data-Flow Integrity

Lang Feng; Jiayi Huang; Jeff Huang; Jiang Hu

arXiv:2102.10031·cs.AR·November 30, 2021

Toward Taming the Overhead Monster for Data-Flow Integrity

Lang Feng, Jiayi Huang, Jeff Huang, Jiang Hu

PDF

TL;DR

This paper introduces a hardware-assisted parallel approach to significantly reduce the performance overhead of Data-Flow Integrity (DFI), enabling its practical deployment without compromising security standards.

Contribution

A novel hardware-assisted parallel method is proposed to lower DFI overhead, maintaining original security guarantees while achieving a 4x performance improvement.

Findings

01

Complete enforcement of original DFI criteria achieved

02

Average 4x reduction in performance overhead

03

Validated on SPEC CPU 2006 benchmarks

Abstract

Data-Flow Integrity (DFI) is a well-known approach to effectively detecting a wide range of software attacks. However, its real-world application has been quite limited so far because of the prohibitive performance overhead it incurs. Moreover, the overhead is enormously difficult to overcome without substantially lowering the DFI criterion. In this work, an analysis is performed to understand the main factors contributing to the overhead. Accordingly, a hardware-assisted parallel approach is proposed to tackle the overhead challenge. Simulations on SPEC CPU 2006 benchmark show that the proposed approach can completely enforce the DFI defined in the original seminal work while reducing performance overhead by 4x, on average.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.