ρFEM: Efficient Backward-edge Protection Using Reversed Forward-edge Mappings
We propose reversed forward-edge mapper (ρFEM), a Clang/LLVM compiler-based tool, to protect the backward edges of a program’s control flow graph (CFG) against runtime control-flow hijacking (e.g., code reuse attacks). It protects backward-edge transfers in C/C++ originating from virtual and non-virtual functions by first statically constructing a precise virtual table hierarchy, with which to form a precise forward-edge mapping between callees and non-virtual call targets based on precise function signatures, and then checks each instrumented callee return against the previously computed set at runtime. We have evaluated ρFEM using the Chrome browser, NodeJS, Nginx, Memcached, and the SPEC CPU2017 benchmark. Our results show that ρFEM enforces less than 2.77 return targets per callee in geomean, even for applications heavily relying on backward edges. ρFEM’s runtime overhead is less than 1% in geomean for the SPEC CPU2017 benchmark and 3.44% in geomean for the Chrome browser.
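The following is an added illustration, not code from ρFEM or its authors: a small Python model of the idea in the abstract, which builds a forward-edge mapping from call sites to permitted callees, reverses it into a per-callee set of legitimate return addresses, and checks a return against that set. The toy class hierarchy, function names, signatures and addresses are all constructed, and the matching rules (exact signature match for indirect calls, subclass overrides for virtual calls) are simplifying assumptions.

```python
from collections import defaultdict
from math import prod

# Constructed toy program; every name and address here is hypothetical.
SUBCLASSES = {"Shape": {"Shape", "Circle", "Square"},
              "Circle": {"Circle"}, "Square": {"Square"}}
VIRTUALS = {("Shape", "area"), ("Circle", "area"), ("Square", "area")}
# Address-taken non-virtual functions and their signatures.
FUNCS = {"parse_int": "int(const char*)",
         "parse_hex": "int(const char*)",
         "log_msg": "void(const char*)"}
# Return address following each call -> (call kind, static information).
CALL_SITES = {
    0x1010: ("indirect", "int(const char*)"),
    0x1024: ("indirect", "void(const char*)"),
    0x1038: ("virtual", ("Circle", "area")),
    0x104C: ("virtual", ("Shape", "area")),
    0x1060: ("direct", "parse_int"),
}

def forward_edges():
    """Forward mapping: call site (by return address) -> callees it may reach."""
    fwd = {}
    for ret, (kind, info) in CALL_SITES.items():
        if kind == "direct":
            fwd[ret] = {info}
        elif kind == "indirect":  # assumption: exact signature match
            fwd[ret] = {f for f, sig in FUNCS.items() if sig == info}
        else:  # virtual: overrides in the static type's sub-hierarchy
            cls, method = info
            fwd[ret] = {f"{c}::{method}" for c in SUBCLASSES[cls]
                        if (c, method) in VIRTUALS}
    return fwd

def reversed_edges(fwd):
    """Reverse the forward mapping: callee -> set of legitimate return addresses."""
    rev = defaultdict(set)
    for ret, callees in fwd.items():
        for callee in callees:
            rev[callee].add(ret)
    return dict(rev)

def return_allowed(rev, callee, ret):
    """Model of the check made at an instrumented return of `callee`."""
    return ret in rev.get(callee, set())

def geomean_targets(rev):
    """Geometric mean of return targets per callee (the abstract's metric)."""
    sizes = [len(targets) for targets in rev.values()]
    return prod(sizes) ** (1 / len(sizes))

REV = reversed_edges(forward_edges())
```

In this model a return from `parse_hex` to `0x1060` is rejected, because the only call at that site is a direct call to `parse_int`.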