Title of invention: Control Flow Integrity System and Method
Abstract: An improved CFI system and method is described that provides security from attacks to hijack computer software. The improved CFI system and method inserts two tags to execute label identification. The first tag is positioned before any instruction that would result in an indirect control flow transfer and requires the program to execute a check. The second tag is located before the first line of any legitimate transfer destination and, when discovered by the tag check, allows a program to carry out the indirect transfer. This tag orientation does not prevent transfers to targets other than the origin instruction's specific intended destination but limits transfers to destinations that begin with the proper label dedication. Although an incorrect address may be called, it will be within the software program's assortment of legitimate indirect transfer targets. Attempts to exploit or reroute indirect transfers outside of the established control flow are eliminated.
Publication number: US2015135313(A1) Publication date: 2015.05.14
Application number: US201414538643 Filing date: 2014.11.11
Applicant: Kaprica Security, Inc. Inventors: WESIE Andrew Michael; PAK Brian Sejoon
Classification: G06F21/51 Main classification: G06F21/51
Agency: Agent:
Main claim: 1. A two-tiered computer-based security method for protecting binary code and associated libraries from access by unauthorized users during loading of the binary code and associated libraries and launching the binary code and associated libraries, comprising the steps of:
(A) at a first tier of the method, an operating system loading a launcher program for overseeing the launching of the binary code and associated binary code libraries to be protected, the launcher program being loaded by,
  (1) the operating system requesting a computer registry to load the binary code and associated libraries to be protected;
  (2) the computer registry redirecting the loading of the launcher program and associated libraries in place of the binary code and associated libraries to be protected,
  (3) the operating system loading the launcher program and the associated libraries, and
  (4) the operating system running the launcher program and associated libraries for input to and controlling a second tier of the method, and
(B) at the second tier of the method, the operating system running the launcher program to oversee modification of the binary code and associated libraries to be protected by,
  (1) the operating system loading the binary code and associated libraries,
  (2) the operating system under the control of the launcher program rewriting the binary code and associated binary code libraries, with the rewriting of the binary code and associated libraries being such that the operating functionality of the binary code and associated libraries remain substantially the same and with the binary code and associated libraries being located at a new location in system memory as controlled by the launcher program,
  (3) the operating system under the control of the launcher program generating and storing a hash table to redirect calls and returns for indirect control flow transfers from the binary code and associated libraries to the rewritten binary code and rewritten associated binary code libraries, with knowledge of the redirection being controlled by the launcher program, and
  (4) the operating system running the protected binary code and associated libraries in the form of the rewritten binary code and rewritten associated libraries.
Address: Washington DC US