PFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings

Paul Muntean, Mathias Neumayer, Zhiqiang Lin, Gang Tan, Jens Grossklags, Claudia Eckert

Research output: Chapter in Book/Report/Conference proceedingConference contribution

2 Scopus citations

Abstract

In this paper, we propose reversed forward-edge mapper (PFEM), a Clang/LLVM compiler-based tool, to protect the backward edges of a program's control flow graph (CFG) against runtime control-flow hijacking (e.g., code reuse attacks). It protects backward-edge transfers in C/C++ originating from virtual and non-virtual functions by first statically constructing a precise virtual table hierarchy, with which to form a precise forward-edge mapping between callees and non-virtual calltargets based on precise function signatures, and then checks each instrumented callee return against the previously computed set at runtime. We have evaluated PFEM using the Chrome browser, NodeJS, Nginx, Memcached, and the SPEC CPU2017 benchmark. Our results show that PFEM enforces less than 2.77 return targets per callee in geomean, even for applications heavily relying on backward edges. PFEM's runtime overhead is less than 1% in geomean for the SPEC CPU2017 benchmark and 3.44% in geomean for the Chrome browser.

Original languageEnglish (US)
Title of host publicationProceedings - 36th Annual Computer Security Applications Conference, ACSAC 2020
PublisherAssociation for Computing Machinery
Pages466-479
Number of pages14
ISBN (Electronic)9781450388580
DOIs
StatePublished - Dec 7 2020
Event36th Annual Computer Security Applications Conference, ACSAC 2020 - Virtual, Online, United States
Duration: Dec 7 2020Dec 11 2020

Publication series

NameACM International Conference Proceeding Series

Conference

Conference36th Annual Computer Security Applications Conference, ACSAC 2020
Country/TerritoryUnited States
CityVirtual, Online
Period12/7/2012/11/20

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Computer Vision and Pattern Recognition
  • Computer Networks and Communications

Fingerprint

Dive into the research topics of 'PFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings'. Together they form a unique fingerprint.

Cite this