Comparative Analysis and Enhancement of CFG-based Hardware-Assisted CFI Schemes

TL;DR

This paper compares various CFG-based hardware-assisted CFI schemes on a common FPGA platform, providing a fair performance and resource utilization analysis, and introduces an improved, more practical CFI approach with lower overhead.

Contribution

It offers a unified comparison of CFG-based CFI schemes on a common platform and proposes an enhanced, more efficient CFI method addressing previous limitations.

Findings

The new CFI scheme achieves lower overheads than previous methods.

Performance varies significantly across different CFG-based schemes.

The unified platform enables fair, quantitative comparisons of CFI techniques.

Abstract

Subverting the flow of instructions (e.g., by use of code-reuse attacks) still poses a serious threat to the security of today's systems. Various control flow integrity (CFI) schemes have been proposed as a powerful technique to detect and mitigate such attacks. In recent years, many hardware-assisted implementations of CFI enforcement based on control flow graphs (CFGs) have been presented by academia. Such approaches check whether control flow transfers follow the intended CFG by limiting the valid target addresses. However, these papers all target different platforms and were evaluated with different sets of benchmark applications, which makes quantitative comparisons hardly possible. For this paper, we have implemented multiple promising CFG-based CFI schemes on a common platform comprising a RISC-V SoC within an FPGA. By porting almost 40 benchmark applications to this system we can present a meaningful comparison of the various techniques in terms of run-time performance, hardware utilization, and binary size. In addition, we present an enhanced CFI approach that is inspired by what we consider the best concepts and ideas of previously proposed mechanisms. We have made this approach more practical and feature-complete by tackling some problems largely ignored previously. We show with this fine-grained scheme that CFI can be achieved with even less overheads than previously demonstrated.