Fine-Grained Control-Flow Integrity Based on Points-to Analysis for CPS
A cyber-physical system (CPS) is known as a mixed system composed of computational and physical capabilities. The fast development of CPS brings new security and privacy requirements. Code reuse attacks that affect the correct behavior of software by exploiting memory corruption vulnerabilities and re...
Main Authors: | Weizhong Qiang, Shizhen Wang, Hai Jin |
---|---|
Format: | Article |
Language: | English |
Published: | Hindawi-Wiley 2018-01-01 |
Series: | Security and Communication Networks |
Online Access: | http://dx.doi.org/10.1155/2018/3130652 |
id | doaj-092f5c16149c47069e49a639eee4b1d7 |
---|---|
record_format | Article |
spelling | doaj-092f5c16149c47069e49a639eee4b1d7; 2020-11-24T20:48:54Z; eng; Hindawi-Wiley; Security and Communication Networks; 1939-0114; 1939-0122; 2018-01-01; 2018; 10.1155/2018/3130652; 3130652; Fine-Grained Control-Flow Integrity Based on Points-to Analysis for CPS; Weizhong Qiang (0), Shizhen Wang (1), Hai Jin (2); Services Computing Technology and System Lab, Cluster and Grid Computing Lab, Big Data Security Engineering Research Center, School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, China (same for all three authors); A cyber-physical system (CPS) is known as a mixed system composed of computational and physical capabilities. The fast development of CPS brings new security and privacy requirements. Code reuse attacks that affect the correct behavior of software by exploiting memory corruption vulnerabilities and reusing existing code may also be threats to CPS. Various defense techniques have been proposed in recent years as countermeasures to emerging code reuse attacks. However, they may fail to fulfill the security requirement well because they cannot protect the indirect function calls properly when it comes to dynamic code reuse attacks aiming at forward edges of control-flow graph (CFG). In this paper, we propose P-CFI, a fine-grained control-flow integrity (CFI) method, to protect CPS against memory-related attacks. We use points-to analysis to construct the legitimate target set for every indirect call site and check whether the target of the indirect call site is in the legitimate target set at runtime. We implement a prototype of P-CFI on LLVM and evaluate both its functionality and performance. Security analysis proves that P-CFI can mitigate the dynamic code reuse attack based on forward edges of CFG. Performance evaluation shows that P-CFI can protect CPS from dynamic code reuse attacks with trivial time overhead between 0.1% and 3.5% (Copyright © 2018 John Wiley & Sons, Ltd.); http://dx.doi.org/10.1155/2018/3130652 |
collection | DOAJ |
language | English |
format | Article |
sources | DOAJ |
author | Weizhong Qiang, Shizhen Wang, Hai Jin |
title | Fine-Grained Control-Flow Integrity Based on Points-to Analysis for CPS |
publisher | Hindawi-Wiley |
series | Security and Communication Networks |
issn | 1939-0114 1939-0122 |
publishDate | 2018-01-01 |
description | A cyber-physical system (CPS) is known as a mixed system composed of computational and physical capabilities. The fast development of CPS brings new security and privacy requirements. Code reuse attacks that affect the correct behavior of software by exploiting memory corruption vulnerabilities and reusing existing code may also be threats to CPS. Various defense techniques have been proposed in recent years as countermeasures to emerging code reuse attacks. However, they may fail to fulfill the security requirement well because they cannot protect the indirect function calls properly when it comes to dynamic code reuse attacks aiming at forward edges of control-flow graph (CFG). In this paper, we propose P-CFI, a fine-grained control-flow integrity (CFI) method, to protect CPS against memory-related attacks. We use points-to analysis to construct the legitimate target set for every indirect call site and check whether the target of the indirect call site is in the legitimate target set at runtime. We implement a prototype of P-CFI on LLVM and evaluate both its functionality and performance. Security analysis proves that P-CFI can mitigate the dynamic code reuse attack based on forward edges of CFG. Performance evaluation shows that P-CFI can protect CPS from dynamic code reuse attacks with trivial time overhead between 0.1% and 3.5% (Copyright © 2018 John Wiley & Sons, Ltd.). |
url | http://dx.doi.org/10.1155/2018/3130652 |