References & Citations
Computer Science > Cryptography and Security
Title: EC-CFI: Control-Flow Integrity via Code Encryption Counteracting Fault Attacks
(Submitted on 31 Jan 2023 (v1), last revised 24 Mar 2023 (this version, v2))
Abstract: Fault attacks enable adversaries to manipulate the control-flow of security-critical applications. By inducing targeted faults into the CPU, the software's call graph can be escaped and the control-flow can be redirected to arbitrary functions inside the program. To protect the control-flow from these attacks, dedicated fault control-flow integrity (CFI) countermeasures are commonly deployed. However, these schemes either have high detection latencies or require intrusive hardware changes. In this paper, we present EC-CFI, a software-based cryptographically enforced CFI scheme with no detection latency utilizing hardware features of recent Intel platforms. Our EC-CFI prototype is designed to prevent an adversary from escaping the program's call graph using faults by encrypting each function with a different key before execution. At runtime, the instrumented program dynamically derives the decryption key, ensuring that the code only can be successfully decrypted when the program follows the intended call graph. To enable this level of protection on Intel commodity systems, we introduce extended page table (EPT) aliasing allowing us to achieve function-granular encryption by combing Intel's TME-MK and virtualization technology. We open-source our custom LLVM-based toolchain automatically protecting arbitrary programs with EC-CFI. Furthermore, we evaluate our EPT aliasing approach with the SPEC CPU2017 and Embench-IoT benchmarks and discuss and evaluate potential TME-MK hardware changes minimizing runtime overheads.
Submission history
From: Pascal Nasahl [view email][v1] Tue, 31 Jan 2023 16:51:33 GMT (460kb,D)
[v2] Fri, 24 Mar 2023 10:41:21 GMT (633kb,D)
Link back to: arXiv, form interface, contact.