Fast Out-of-Band Data Integrity Monitor to Mitigate Memory Corruption Attacks

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13600))

Abstract

Memory corruption is a root cause of software attacks. Existing defense mechanisms (e.g., DEP, ASLR, CFI, CPI/CPS, and DFI) either offer limited security guarantees or incur high performance overhead. In this paper, we design and develop a fast out-of-band (OOB) integrity monitor, dubbed FastDIM, that protects both applications and kernels against memory corruption attacks at lower overhead. With FastDIM, the program in question is statically hardened by a compiler module; at run time, the integrity of sensitive program data, both control-flow data (e.g., code pointers) and security-relevant non-control data (e.g., encryption keys), is then protected automatically by the monitor. FastDIM differs from related work in the following aspects: 1) FastDIM provides an OOB monitor that checks the protected program independently, rather than having the program verify itself through an inlined reference monitor (IRM); 2) FastDIM extends the shadow-stack concept used by CFI to protect not only return addresses but also other sensitive data such as function pointers, vtable pointers, and user-annotated sensitive non-control data, so its protection goes beyond control-flow data; 3) FastDIM provides a fast communication mechanism between the program and the monitor, so that integrity checks are performed efficiently without a context switch; and 4) for better scalability and compatibility, FastDIM does not rely on link-time optimization (LTO) or cross-DSO support to handle applications with dynamically linked libraries. We implemented a kernel version and a TrustZone version of FastDIM to protect both user programs and Linux/Android kernels. The evaluation shows that the average overhead of FastDIM is 4.4% on the SPEC CPU2017 C/C++ benchmarks and around 3% on AnTuTu.
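The abstract describes the core mechanism only in outline: the compiler instruments every legitimate write to an annotated sensitive word so that a copy lands in a protected shadow area, and every use of that word is preceded by a comparison against the copy. The following C program is an added illustration of that shadow-copy check, written for this page; it is not FastDIM's code, and the function names (sensitive_store, sensitive_check, sensitive_release) and the struct layout are hypothetical. It keeps the shadow table in the same process as a plain array, which is exactly what FastDIM does not do (the monitor is out of band, in the kernel or TrustZone), so the demo assumes the bug cannot reach that array. The three demo functions show the cases a practitioner cares about: an overflow that reaches a function pointer is flagged, a legitimate update through the instrumented store is accepted, and a write that bypasses the instrumented store (a stray pointer or use-after-free) is flagged.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Shadow table holding a copy of every registered sensitive word.
   FastDIM keeps such copies out of band so the protected program cannot
   write them; this demo (assumption) uses an in-process array instead. */
#define SHADOW_SLOTS 64

struct shadow_entry {
    const void *addr;   /* address of the protected word in program memory */
    uintptr_t   value;  /* last value written through sensitive_store() */
    int         used;
};

static struct shadow_entry shadow[SHADOW_SLOTS];

static struct shadow_entry *shadow_lookup(const void *addr, int allocate)
{
    struct shadow_entry *free_slot = NULL;
    for (size_t i = 0; i < SHADOW_SLOTS; i++) {
        if (shadow[i].used && shadow[i].addr == addr)
            return &shadow[i];
        if (!shadow[i].used && free_slot == NULL)
            free_slot = &shadow[i];
    }
    if (allocate && free_slot != NULL) {
        free_slot->used = 1;
        free_slot->addr = addr;
        return free_slot;
    }
    return NULL;
}

/* Instrumented store: the compiler would emit this in place of every
   legitimate write to an annotated word (code pointer, key, ...). */
int sensitive_store(void *addr, uintptr_t value)
{
    struct shadow_entry *e = shadow_lookup(addr, 1);
    if (e == NULL)
        return -1;                        /* shadow table full */
    memcpy(addr, &value, sizeof value);   /* the real write */
    e->value = value;                     /* the shadow copy */
    return 0;
}

/* Instrumented check, emitted before every use of the word (indirect call,
   key use). 0 = intact, 1 = differs from shadow copy, -1 = never registered. */
int sensitive_check(const void *addr)
{
    const struct shadow_entry *e = shadow_lookup(addr, 0);
    uintptr_t now;
    if (e == NULL)
        return -1;
    memcpy(&now, addr, sizeof now);
    return now == e->value ? 0 : 1;
}

/* Unregister a word whose storage goes away (e.g. a stack frame returns). */
void sensitive_release(const void *addr)
{
    struct shadow_entry *e = shadow_lookup(addr, 0);
    if (e != NULL)
        e->used = 0;
}

/* Demo target: a fixed buffer immediately followed by a function pointer. */
struct handler {
    char name[16];
    void (*fn)(void);
};

static void benign(void) {}

/* Copies n attacker-controlled bytes (constructed input, all 0x41) over the
   struct, as an unbounded copy into name would, then runs the check.
   Returns 0 while the copy stays inside name, 1 once it reaches fn. */
int demo_overflow(size_t n)
{
    struct handler h;
    unsigned char payload[sizeof h];
    int rc;

    memset(payload, 0x41, sizeof payload);
    memset(h.name, 0, sizeof h.name);
    sensitive_store(&h.fn, (uintptr_t)&benign);
    if (n > sizeof h)
        n = sizeof h;
    memcpy(&h, payload, n);
    rc = sensitive_check(&h.fn);
    sensitive_release(&h.fn);
    return rc;
}

/* A user-annotated non-control word (think session key) rotated through the
   instrumented store: a legitimate update passes the check, returns 0. */
int demo_legit_update(void)
{
    uintptr_t key = 0;
    int rc;
    sensitive_store(&key, (uintptr_t)0x1122334455667788u);
    sensitive_store(&key, (uintptr_t)0x8877665544332211u);
    rc = sensitive_check(&key);
    sensitive_release(&key);
    return rc;
}

/* The same word modified by a write that bypassed the instrumented store:
   the shadow copy is stale relative to memory, so the check returns 1. */
int demo_stray_write(void)
{
    uintptr_t key = 0;
    uintptr_t *stray = &key;   /* stands in for a dangling or corrupted pointer */
    int rc;
    sensitive_store(&key, (uintptr_t)0x1122334455667788u);
    *stray ^= 1;
    rc = sensitive_check(&key);
    sensitive_release(&key);
    return rc;
}
```

The point of the split into sensitive_store and sensitive_check is that only compiler-emitted writes update the shadow copy; any other path to the word, including a spatial overflow from an adjacent buffer, leaves memory and shadow out of sync and is caught at the next use. What this in-process version cannot give is the guarantee that the shadow table itself survives the same bug, which is why FastDIM places it behind a privilege boundary and pays for a cheap, switch-free channel to reach it.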

Acknowledgements

We sincerely thank reviewers for their insightful feedback. This work was supported in part by NSFC Award #61972200.

Author information

Corresponding author: Caiyi Wang

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Huang, J., Xue, S., Wang, C. (2022). Fast Out-of-Band Data Integrity Monitor to Mitigate Memory Corruption Attacks. In: Ge, C., Guo, F. (eds) Provable and Practical Security. ProvSec 2022. Lecture Notes in Computer Science, vol 13600. Springer, Cham. https://doi.org/10.1007/978-3-031-20917-8_10

  • DOI: https://doi.org/10.1007/978-3-031-20917-8_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-20916-1

  • Online ISBN: 978-3-031-20917-8
