Title : 
Getting in control of your control flow with control-data isolation
         
        
            Author : 
Arthur, William ; Mehne, Ben ; Das, Reetuparna ; Austin, Todd
         
        
            Author_Institution : 
Univ. of Michigan, Ann Arbor, MI, USA
         
        
        
        
        
        
            Abstract : 
Computer security has become a central focus in the information age. Though enormous effort has been expended on ensuring secure computation, software exploitation remains a serious threat. The software attack surface provides many avenues for hijacking; however, most exploits ultimately rely on the successful execution of a control-flow attack. This pervasive diversion of control flow is made possible by the pollution of control flow structure with attacker-injected runtime data. Many control-flow attacks persist because the root of the problem remains: runtime data is allowed to enter the program counter. In this paper, we propose a novel approach: Control-Data Isolation. Our approach provides protection by going to the root of the problem and removing all of the operations that inject runtime data into program control. While previous work relies on CFG edge checking and labeling, these techniques remain vulnerable to attacks such as heap spray, read, or GOT attacks and in some cases suffer high overheads. Rather than addressing control-flow attacks by layering additional complexity, our work takes a subtractive approach; subtracting the primary cause of contemporary control-flow attacks. We demonstrate that control-data isolation can assure the integrity of the programmer´s CFG at runtime, while incurring average performance overheads of less than 7% for a wide range of benchmarks.
         
        
            Keywords : 
computer crime; program control structures; CFG integrity; average performance overheads; computer security; contemporary control flow attacks; control-data isolation; hijacking; information age; program control; program counter; secure computation; software exploitation; software vulnerabilities; subtractive approach; Data models; Libraries; Process control; Radiation detectors; Runtime; Security; Software;
         
        
        
        
            Conference_Titel : 
Code Generation and Optimization (CGO), 2015 IEEE/ACM International Symposium on
         
        
            Conference_Location : 
San Francisco, CA
         
        
        
            DOI : 
10.1109/CGO.2015.7054189