Field-sensitive Data Flow Integrity
So Shizukuishi, Yoshitaka Arahori, Katsuhiko Gondow

TL;DR
This paper introduces FIX-Sense, a novel memory protection approach that ensures precise, efficient, and compatible data flow integrity at the structure field level, addressing key limitations of existing defenses.
Contribution
It presents a field-sensitive data flow integrity method that performs compile-time analysis and lightweight runtime verification without altering memory layout.
Findings
Achieves precise protection of structure fields.
Maintains high compatibility with existing code.
Reduces protection overhead compared to prior methods.
Abstract
Although numerous defenses against memory vulnerability exploits have been studied so far, highly-compatible, precise, and efficient defense is still an open problem. In fact, existing defense methods have at least one of the following problems: they (1) cannot precisely protect structure fields, (2) incur high protection overheads, and/or (3) cannot maintain compatibility with existing code due to imposing memory layout change on the protected program. In this paper, we propose a novel memory-protection method FIX-Sense that aims to solve all of these problems simultaneously. Our key idea is to perform memory protection based on field-sensitive data-flow integrity. Specifically, our method (1) computes a safe write-read relation for each memory object, at the structure-field granularity, based on field-sensitive value-flow analysis at the compile-time of the protected program. (2) At…
Taxonomy
Topics: Security and Verification in Computing · Cloud Data Security Solutions · Advanced Data Storage Technologies
