QUICK REVIEW

[Paper Review] A survey of Hardware-based Control Flow Integrity (CFI)

Ruan de Clercq, Ingrid Verbauwhede|arXiv (Cornell University)|2017. 06. 22.
Security and Verification in Computing | References: 46 | Citations: 51
One-line summary

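This survey analyzes 21 hardware-based CFI architectures and evaluates their security policies, limitations, hardware cost, performance, and practicality. It argues that many policies are not suitable for widespread adoption.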

ABSTRACT

CFI is a computer security technique that detects runtime attacks by monitoring a program's branching behavior. This work presents a detailed analysis of the security policies enforced by 21 recent hardware-based CFI architectures. The goal is to evaluate the security, limitations, hardware cost, performance, and practicality of using these policies. We show that many architectures are not suitable for widespread adoption, since they have practical issues, such as relying on an accurate control flow model (which is difficult to obtain) or they implement policies which provide only limited security.

Research motivation and objectives

  • Evaluate security policies enforced by 21 recent hardware-based CFI architectures.
  • Assess limitations and practical challenges of these policies.
  • Analyze hardware cost and performance impacts of hardware-based CFI implementations.
  • Determine the practicality of adopting hardware-based CFI in real systems.

Proposed method

  • Review and analyze 21 hardware-based CFI architectures.
  • Characterize each architecture's control-flow policy and security guarantees.
  • Evaluate practicality including hardware cost and performance impact.
  • Identify common limitations such as reliance on accurate control-flow models.

Experimental results

Research questions

  • RQ1: What security policies do current hardware-based CFI architectures enforce?
  • RQ2: What are the limitations and practical challenges of these policies for real-world deployment?
  • RQ3: How do hardware costs and performance overheads affect the viability of hardware-based CFI?
  • RQ4: Are the control-flow models used by these architectures accurate and feasible to obtain?

Key findings

  • Many architectures rely on accurate control-flow models, which are difficult to obtain.
  • Several policies provide only limited security guarantees.
  • A substantial portion of architectures face practical issues hindering widespread adoption.
  • Hardware cost and performance overhead are significant factors in evaluating practicality.
  • The surveyed policies vary in robustness and applicability across scenarios.

This review was generated by AI and reviewed by a human editor.