Sciweavers

ASPLOS
2006
ACM

Architectural support for software-based protection

14 years 6 months ago
Architectural support for software-based protection
Control-Flow Integrity (CFI) is a property that guarantees program control flow cannot be subverted by a malicious adversary, even if the adversary has complete control of data memory. We have shown in prior work how CFI can be enforced by using inlined software guards that perform safety checks. The first part of this paper shows how modest Instruction Set Architecture (ISA) support can replace such guard code with single instructions. On the foundation of CFI we have implemented XFI: a protection system that offers fine-grained memory access control and fundamental integrity guarantees for critical system state. XFI can be seen as a flexible, generalized form of software-based fault isolation (SFI). In the second part of this paper we present ISA support for XFI, in the form of simple bounds-check instructions. CFI and XFI can significantly increase the security and integrity of software execution. Our results indicate that support for CFI and XFI is a straightforward, simple ...
Mihai Budiu, Úlfar Erlingsson, Martí
Added 13 Jun 2010
Updated 13 Jun 2010
Type Conference
Year 2006
Where ASPLOS
Authors Mihai Budiu, Úlfar Erlingsson, Martín Abadi
Comments (0)