Memory safety errors enable an adversary to corrupt code pointers, diverting the program’s control flow. Recent CPU features, such as Intel CET/IBT, harden software systems against exploitation attempts that maliciously redirect control flow operations. While IBT limits valid indirect branch targets, forward-edge transfers can still be redirected to any IBT-marked function. Thus, IBT cannot provide fine-grained protection against forward-edge control-flow attacks. This paper presents code encryption with Intel TME-MK, a novel approach for control-flow enforcement against software exploitation on off-the-shelf x86 machines. We repurpose the Intel TME-MK runtime encryption to achieve function-level code encryption. Encrypted functions are only accessible through function pointers associated with the correct key, thereby enforcing fine-grained restrictions for control-flow transfers. We demonstrate two new encryption-based techniques for software hardening in practice: forward-edge control-flow integrity and library encryption. We implement a security-hardened toolchain that combines compiler instrumentation and a loader extension to ensure the validity of the program’s execution flow through efficient hardware-backed encryption. Our prototype shows a geomean performance overhead of 7.8 % for forward-edge control-flow integrity and 2.2 %  for library encryption evaluated with the SPEC CPU2017 benchmark suite.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Code Encryption with Intel TME-MK for Control-Flow Enforcement

  • Martin Unterguggenberger,
  • Lukas Lamster,
  • Mathias Oberhuber,
  • Simon Scherer,
  • Stefan Mangard

摘要

Memory safety errors enable an adversary to corrupt code pointers, diverting the program’s control flow. Recent CPU features, such as Intel CET/IBT, harden software systems against exploitation attempts that maliciously redirect control flow operations. While IBT limits valid indirect branch targets, forward-edge transfers can still be redirected to any IBT-marked function. Thus, IBT cannot provide fine-grained protection against forward-edge control-flow attacks. This paper presents code encryption with Intel TME-MK, a novel approach for control-flow enforcement against software exploitation on off-the-shelf x86 machines. We repurpose the Intel TME-MK runtime encryption to achieve function-level code encryption. Encrypted functions are only accessible through function pointers associated with the correct key, thereby enforcing fine-grained restrictions for control-flow transfers. We demonstrate two new encryption-based techniques for software hardening in practice: forward-edge control-flow integrity and library encryption. We implement a security-hardened toolchain that combines compiler instrumentation and a loader extension to ensure the validity of the program’s execution flow through efficient hardware-backed encryption. Our prototype shows a geomean performance overhead of 7.8 % for forward-edge control-flow integrity and 2.2 %  for library encryption evaluated with the SPEC CPU2017 benchmark suite.