Abstract

In theory, Control-Flow Integrity (CFI) is considered a principled defense against control-data attacks. However, most fine-grained CFI schemes that provide this high level of security incur significant performance overhead. Practical implementations have been proposed to overcome this overhead, but they have proven unable to guarantee high security, because their development has focused only on improving performance at the expense of the security guarantee. Even though a CFI scheme should provide both high security and low performance overhead, existing CFI research is limited in either its performance or its security guarantee. We propose a new verification approach for fine-grained CFI that achieves both goals. Our scheme verifies only a selected, random subset of branches rather than every branch, and thus reduces performance overhead. We show the improved performance by evaluating our proof-of-concept implementation on SPEC CPU 2017. In addition, we show that our scheme does not significantly sacrifice the security guarantee of fine-grained CFI by analyzing the structure of existing control-data attack exploits, collected from a real-world exploit database and the related literature.
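The verification mechanism the abstract describes, as an added illustration in C (not the paper's proof-of-concept code): each indirect call site keeps its own allowed-target set, the check runs only on a random fraction of transfers, and a helper gives one simple model of the resulting detection probability for an exploit that needs several illegal transfers. The per-site allow-list layout, the sampling rate, the deterministic xorshift generator and the demo targets are all assumptions for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

typedef void (*fn_t)(void);

/* Fine-grained CFI: each indirect call site carries its own allow-list of
 * targets (hypothetical layout for the demo). */
typedef struct { const fn_t *targets; size_t n; } cfi_site_t;

/* Deterministic xorshift PRNG so the demo is reproducible; a deployed scheme
 * would draw from a source the attacker cannot predict. */
static uint64_t rng_state = 0x9E3779B97F4A7C15ULL;
static uint64_t xorshift64(void) {
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return rng_state = x;
}

/* Verify the transfer only with probability `rate` (1.0 = check every branch,
 * as classic fine-grained CFI does; 0.0 = never check). Returns false only
 * when a verified transfer is outside the site's allow-list. */
bool cfi_check_sampled(const cfi_site_t *site, fn_t target, double rate) {
    if (xorshift64() % 1000000u >= (uint64_t)(rate * 1000000.0))
        return true;                      /* not selected: check skipped */
    for (size_t i = 0; i < site->n; i++)
        if (site->targets[i] == target) return true;
    return false;                         /* verified and rejected */
}

/* Simple model (an assumption, not the paper's analysis): an exploit that
 * needs k illegal transfers evades detection only if every one of them is
 * skipped, so P(detect) = 1 - (1 - rate)^k. */
double detection_probability(double rate, unsigned k) {
    double miss = 1.0;
    while (k--) miss *= 1.0 - rate;
    return 1.0 - miss;
}

/* Constructed sample: two legitimate targets and one attacker-chosen one. */
static void demo_target_a(void) {}
static void demo_target_b(void) {}
static void demo_evil(void) {}
static const fn_t demo_allowed[] = { demo_target_a, demo_target_b };
const cfi_site_t demo_site = { demo_allowed, 2 };
```

With `rate` below 1.0 a single illegal transfer may slip through, which is the trade-off the abstract weighs against the structure of real exploits; `detection_probability` shows how quickly the evasion chance shrinks as the number of required transfers grows.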
