On Bridging the Gap between Control Flow Integrity and Attestation Schemes

Authors: 

Mahmoud Ammar, Ahmed Abdelraoof, and Silviu Vlasceanu, Huawei Research, Germany

Abstract: 

Control-flow hijacking attacks are still a major challenge in software security. Several means of protection and detection have been proposed but gaps still exist. To bridge such gaps, major processor manufacturers have designed and implemented several hardware security extensions in the new generations of processors. High-profile examples include Pointer Authentication (PA) and Branch Target Identification (BTI) technologies that are supported in the ARMv8.5-A processor architecture. Nevertheless, the direct enablement of these technologies would only provide coarse-grained security guarantees without any trustworthy evidence of runtime integrity.

To fill this gap, we propose CFA+, a practical hardware-assisted control flow attestation mechanism with prevention capabilities. CFA+ leverages the ARMv8.5-A's BTI security extension along with selective software instrumentation to enable lightweight always-on monitoring of the execution state without the need to maintain in-memory control-flow logs. The hybrid policy of CFA+ allows for either immediate prevention or quick detection of control-flow hijacks while providing trustworthy evidence of the runtime integrity status. CFA+ provides fine-grained security guarantees to complex software stacks while maintaining a high level of efficiency and scalability, surpassing state-of-the-art solutions. Our evaluation results show that CFA+ incurs less than 3% of runtime overhead on average when applied to a wide range of benchmark applications including SPEC CPU2006 suite and nginx.

Open Access Media

USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.

BibTeX
@inproceedings {299850,
author = {Mahmoud Ammar and Ahmed Abdelraoof and Silviu Vlasceanu},
title = {On Bridging the Gap between Control Flow Integrity and Attestation Schemes},
booktitle = {33rd USENIX Security Symposium (USENIX Security 24)},
year = {2024},
isbn = {978-1-939133-44-1},
address = {Philadelphia, PA},
pages = {6633--6650},
url = {https://www.usenix.org/conference/usenixsecurity24/presentation/ammar},
publisher = {USENIX Association},
month = aug
}

Presentation Video