Research Article
FRProtector: Defeating Control Flow Hijacking Through Function-Level Randomization and Transfer Protection
@INPROCEEDINGS{10.1007/978-3-319-78813-5_34, author={Jianming Fu and Rui Jin and Yan Lin}, title={FRProtector: Defeating Control Flow Hijacking Through Function-Level Randomization and Transfer Protection}, proceedings={Security and Privacy in Communication Networks. 13th International Conference, SecureComm 2017, Niagara Falls, ON, Canada, October 22--25, 2017, Proceedings}, proceedings_a={SECURECOMM}, year={2018}, month={4}, keywords={Control flow hijacking Control flow protection Function-level randomization Code reuse attack}, doi={10.1007/978-3-319-78813-5_34} }- Jianming Fu
Rui Jin
Yan Lin
Year: 2018
FRProtector: Defeating Control Flow Hijacking Through Function-Level Randomization and Transfer Protection
SECURECOMM
Springer
DOI: 10.1007/978-3-319-78813-5_34
Abstract
Return-oriented programming (ROP) and jump-oriented programming (JOP) are two most common control-flow hijacking attacks. Existing defenses, such as address space layout randomization (ASLR) and control flow integrity (CFI) either are bypassed by information leakage or result in high runtime overhead. In this paper, we propose , an effective way to mitigate these two control-flow hijacking attacks. shuffles the functions of a given program and ensures each function is executed from the entry block by comparing the unique label for it at and indirect . The unique label is generated by XORing the stack frame with return address instead of with a random value and it is saved in a register rather than on the stack. We implement on LLVM 3.9 and perform extensive experiments to show only adds on average 2% runtime overhead and 2.2% space overhead on SPEC CPU2006 benchmark programs. Our security analysis on RIPE benchmark confirms that is effective in defending control-flow hijacking attacks.