Control-Flow Integrity (CFI) techniques focus often on protecting forward edges and assume that backward edges are protected by shadow stacks. However, software-based shadow stacks that can provide performance, security, and compatibility are still hard to obtain, leaving an important security gap on x86-64. In this article, we introduce a simple, efficient, and effective parallel shadow stack design (based on LLVM),
FlashStack
, for protecting return addresses in single- and multi-threaded programs running under 64-bit Linux on x86-64, with three distinctive features. First, we introduce a novel dual-prologue approach to enable a protected function to thwart the TOCTTOU attacks, which are constructed by Microsoft’s red team and lead to the deprecation of Microsoft’s RFG. Second, we design a new mapping mechanism,
Segment+Rsp-S
, to allow the parallel shadow stack to be accessed efficiently while satisfying the constraints of
arch_prctl()
and ASLR in 64-bit Linux. Finally, we introduce a lightweight inspection mechanism,
SideChannel-K
, to harden
FlashStack
further by detecting entropy-reduction attacks efficiently and protecting the parallel shadow stack effectively with a 10-ms shuffling policy. Our evaluation on
SPEC CPU2006
,
Nginx,
and
Firefox
shows that
FlashStack
can provide high performance, meaningful security, and reasonable compatibility for server- and client-side programs on x86-64.