ABSTRACT
Enforcing control-flow integrity (CFI) in the kernel (kCFI) can prevent control-flow hijacking attacks. Unfortunately, current kCFI approaches either have high overhead or are inflexible and cannot support complex, context-sensitive policies. To overcome these limitations, we propose eKCFI, a kCFI approach that uses eBPF as the enforcement mechanism. The focus of this work is to demonstrate, through implementation optimizations, how the enormous performance overhead of this approach can be overcome, thereby making its potential benefits available with only modest performance tradeoffs.
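The abstract contrasts two flavours of kernel CFI policy: the cheap, context-insensitive kind (a target must merely have the right type) and the context-sensitive kind (the set of valid targets depends on how execution reached the call site). The following user-space C sketch is an illustration added here; it is not code from the paper or from the eKCFI implementation. The type-based check is modelled on the Clang kCFI scheme, which tags each address-taken function with a hash of its type and compares it at every indirect call; the context-sensitive check is a one-step call-path policy. The hash value, the call-site names and the allow-list are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical kernel-style dispatch: drivers are reached through a handler pointer. */
typedef int (*handler_t)(int);

static int open_handler(int x)  { return x + 1; }
static int close_handler(int x) { return x - 1; }
static int priv_handler(int x)  { return x * 100; }  /* same signature, more sensitive */
static void gadget(void) { }                         /* unrelated code, different signature */

/* Context-insensitive policy, modelled on Clang kCFI: every indirect-call target
 * carries a hash of its function type; the call site checks that hash.
 * The hash constant and the table are constructed for this example. */
#define HASH_INT_INT 0x1a2b3c4dU

static const struct { handler_t fn; uint32_t type_hash; } type_table[] = {
    { open_handler,  HASH_INT_INT },
    { close_handler, HASH_INT_INT },
    { priv_handler,  HASH_INT_INT },
};

bool cfi_type_check(handler_t target, uint32_t expected_hash)
{
    for (size_t i = 0; i < sizeof type_table / sizeof type_table[0]; i++)
        if (type_table[i].fn == target)
            return type_table[i].type_hash == expected_hash;
    return false;  /* address is not a registered indirect-call target */
}

/* Context-sensitive policy: the valid target set depends on the path taken to
 * the call site, reduced here to (previous call site, current call site).
 * Site names and rules are constructed for this example. */
enum site { SITE_ENTRY, SITE_IOCTL_DISPATCH, SITE_ADMIN_DISPATCH, SITE_CLEANUP };

static const struct { enum site prev, cur; handler_t target; } ctx_policy[] = {
    { SITE_ENTRY,          SITE_IOCTL_DISPATCH, open_handler  },
    { SITE_ENTRY,          SITE_IOCTL_DISPATCH, close_handler },
    { SITE_IOCTL_DISPATCH, SITE_CLEANUP,        close_handler },
    { SITE_ENTRY,          SITE_ADMIN_DISPATCH, priv_handler  },  /* only via the admin path */
};

bool cfi_context_check(enum site prev, enum site cur, handler_t target)
{
    for (size_t i = 0; i < sizeof ctx_policy / sizeof ctx_policy[0]; i++)
        if (ctx_policy[i].prev == prev && ctx_policy[i].cur == cur &&
            ctx_policy[i].target == target)
            return true;
    return false;
}

/* Per-thread state that any context-sensitive enforcement hook must maintain
 * across indirect calls; a plain struct here. */
struct cfi_ctx { enum site last_site; };

/* Guarded indirect call: runs both checks, records the site, stores the result.
 * Returns 0 on success or -1 when the call is blocked as a CFI violation. */
int cfi_call(struct cfi_ctx *ctx, enum site site, handler_t target, int arg, int *out)
{
    if (!cfi_type_check(target, HASH_INT_INT) ||
        !cfi_context_check(ctx->last_site, site, target))
        return -1;
    ctx->last_site = site;
    *out = target(arg);
    return 0;
}

int main(void)
{
    struct cfi_ctx ctx = { SITE_ENTRY };
    handler_t fp = open_handler;
    int r;

    printf("legitimate open: %s\n",
           cfi_call(&ctx, SITE_IOCTL_DISPATCH, fp, 1, &r) == 0 ? "allowed" : "blocked");

    /* Hijack 1: pointer corrupted to a same-typed but privileged function.
     * The type-only check passes; the context-sensitive check blocks it. */
    ctx.last_site = SITE_ENTRY;
    fp = priv_handler;
    printf("type check on priv_handler: %s\n",
           cfi_type_check(fp, HASH_INT_INT) ? "passes" : "fails");
    printf("context check on priv_handler: %s\n",
           cfi_call(&ctx, SITE_IOCTL_DISPATCH, fp, 1, &r) == 0 ? "allowed" : "blocked");

    /* Hijack 2: pointer corrupted to arbitrary code; even the type check fails. */
    fp = (handler_t)gadget;
    printf("gadget: %s\n",
           cfi_call(&ctx, SITE_IOCTL_DISPATCH, fp, 1, &r) == 0 ? "allowed" : "blocked");
    return 0;
}
```

The point the sketch makes is the one the abstract trades on: the type-based check costs a single compare but lets any same-typed function through, while the context-sensitive check needs state carried across calls and a policy lookup, which is where the overhead the paper sets out to reduce comes from.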
Index Terms
- Practical and Flexible Kernel CFI Enforcement using eBPF