Proconda -- Protected Control Data by Walter, Marie-Therese et al.
Proconda
Protected Control Data
Marie-Therese Walter, David Pfaff, Stefan Nu¨rnberger, and Michael Backes
CISPA Helmholtz Center for Information Security
Saarland Informatics Campus
Abstract
Memory corruption vulnerabilities often enable attackers to take control of a
target system by overwriting control-flow relevant data (such as return addresses
and function pointers), which are potentially stored in close proximity of related,
typically user-controlled data on the stack.
In this paper, we propose ProConDa, a general approach for protecting
control-flow relevant data on the stack
ProConDa leverages hardware features to enforce a strict separation be-
tween control-flow relevant and regular data of programs written in non-memory-
safe languages such as C. Contrary to related approaches, ProConDa does not
rely on information hiding and is therefore not susceptible to several recent
attacks specifically targeting information hiding as a foundation for memory
isolation.
We show that ProConDa enforcement is compatible with existing software
by applying a software-based prototype to industry benchmarks on an ARM
CPU running Linux.
1 Introduction
In the last several years, a seemingly unstoppable amount of attacks have sur-
faced that exploit buffer overflows, dangling pointers and other related memory
corruption vulnerabilities. They all have in common that the attacker manages
to divert the control flow of a vulnerable program, thereby enabling them to
either skip code (e.g. password checks), run a function that was not supposed to
be executed (e.g. copy file) or even run an arbitrary chain of instructions using
Return-Oriented Programming (ROP) [22] techniques.
While the majority of these vulnerabilities could be avoided by using memory-
managed languages (e.g. Java), many features of unmanaged languages have
become deeply ingrained in existing software and cannot be adapted due to per-
formance and portability concerns. Similarly, enhancing existing software with
memory safety features often comes at a significant cost [19]. Because of these
ar
X
iv
:1
90
9.
03
75
8v
1 
 [c
s.C
R]
  9
 Se
p 2
01
9
obstacles, many early defensive mechanisms against memory corruption vulner-
abilities focused on providing light-weight security guarantees with only small
impacts on performance.
Data Execution Prevention (DEP) was one of the first popular, low-overhead
protection mechanisms. It successfully prevents any type of code-injection at-
tacks by preventing an attacker-controlled call stack from carrying executable
code. However, the stack can still hold control-flow relevant data such as func-
tion pointers and return addresses. Hence, the attacker can still gain control of
the execution path and can selectively direct control flow to appropriate code
locations marked as executable. Such techniques are commonly referred to as
code re-use attacks.
The most fundamental approach for addressing code re-use attacks is Control
Flow Integrity (CFI) [1,2,7]. At each control flow branch, CFI checks whether
the actual control flow target is still identical to the originally intended control
flow. Unfortunately, this approach can only detect the attack at a point after the
control flow data has already been corrupted and the program counter is about
to jump to an unintended location. At this point, the memory, and therefore the
state of the program, have long been tampered with and it is not possible for
the program to recover into a known-good state.
The only way to stop all memory corruption exploits is to enforce complete
memory safety [24] as done by memory-managed languages like Java. For unman-
aged languages like C, a multitude of defenses have been proposed that either
try to enforce spatial or temporal memory safety. While approaches focused on
spatial memory safety mostly work by restricting pointer or object bounds, tem-
poral memory safety approaches usually use additional allocation information to
check if a pointer or object is still valid [24].
Like CFI, however, these approaches also do not defend against the initial
corruption of the control flow data. Therefore, program recovery is impossible.
1.1 Our Approach
In this paper, we present ProConDa, a method for protecting control data that
identifies and prevents control flow exploits one stage earlier than CFI, namely
when the control-flow relevant data (control data) is manipulated on the stack.
ProConDa consists of a general framework that uses a fine-grained form of
access control to ensure the integrity of control data when the data is written.
The key idea of ProConDa is to detect and prevent unintended writes to
control data based on who (which instruction) attempts to write control data.
ProConDa utilizes the memory management unit (MMU) of the processor
to trip on write attempts to control data on the stack and then detect which
instruction attempted to write control data. The code location of this write
instruction—the Write Instruction Origin (WIO)—enables us to distinguish be-
tween instructions that are actually allowed to write control data and unwanted
side effects of another memory access. The negative performance impact of check-
ing each write attempt is avoided by augmenting legitimate write instructions
with code that announces the imminent changes. This ensures that all other
2
write instructions, which did not announce their intent to write to control data
on the stack, will have their access to these data denied. The actual control flow
change, i.e., reading control data and jumping to the respective address, does not
need to be protected since ProConDa ensures that it has not been tampered
with. Therefore, ProConDa renders additional CFI checks obsolete.
1.2 Contribution
In detail, this paper makes the following contributions:
– We present a method to systematically and programmatically identify legit-
imate control data writes.
– We present an effective method to check the write instruction origin (WIO)
by rewriting programs such that they announce upcoming legitimate writes,
thereby making it possible to catch un-announced illegal write attempts.
– Identifying illegitimate write attempts rather than their consequences such
as unintended control flow changes, allows us to pinpoint the exact location
of an error, i.e. the location of the vulnerable code snippet, and hence enables
more targeted bug fixing.
– As a proof of concept, we provide a prototypical software-only implementa-
tion of our approach targeting the ARM architecture for Linux platforms.
2 Attacker Model
Similar to Code Pointer Integrity [16], we assume that an attacker can fully
control the process memory but cannot modify the code segment, as it is by
default write-protected. In contrast to traditional techniques like ASLR, Pro-
ConDa does not employ a form of information hiding as a defense mechanism
but rather arranges control data (i.e. data that will eventually be used as input
to control flow instructions) in a separate, write-protected memory region. Since
writing to this region is restricted to legitimate write instructions and therefore
prohibited for all other instructions, we assume that an attacker also cannot
manipulate this special memory region to divert control flow.
Additionally, we assume that an attacker cannot read the value of special
registers reserved by the compiler and that the kernel does not save any user-
level registers in user accessible memory when memory switches occur. This is
congruent with the assumptions from CCFI [17].
Like for other CFI-related approaches, the focus of our approach also lies on
control-flow hijacking attacks that are mounted by exploiting memory corruption
errors in the program. Hence, we aim to prevent the attacker from gaining control
over control-flow relevant registers such as the the program counter (pc) or the
link register (lr), which is used to handle return addresses in ARM.
To achieve this goal, ProConDa enforces WIO checks to guarantee the
integrity of data used to influence these registers. ProConDa therefore de-
fends against memory corruption attacks, such as buffer overflow exploits, for-
3
mat string exploits, or dangling pointers. As a result, ProConDa protects pro-
grams against a range of return-oriented programming flavors such as counterfeit
object-oriented programming [21] or control-flow bending [4].
3 Design
ProConDa aims at providing access control for write attempts to control-flow
relevant data on the stack by preventing access attempts, which are not re-
flected in the program semantics. Any attempt to abuse general purpose write
instructions to overwrite control data is detected and prevented.
While it is hard for static analysis to enumerate where control flow might
jump to, it is possible to accurately identify the positions in code where control
flow is changed and where control data is written. We use this observation to
implement access control based on which instruction is attempting to overwrite
control data. If a write access is attempted by an instruction that normally does
not write control data, it is considered to be unintended and is prevented by
ProConDa in-line checks during run-time.
ProConDa uses the code locations of write instructions to distinguish them.
An access control check for write attempts can therefore be reduced to finding the
write instruction’s code location in a list of statically extracted allowed locations.
Consequently, manipulations of control data originating from a location not on
this list must be a result of write attempts intended for other data. We call the
code location of a write instruction the Write Instruction Origin (WIO).
Address Mnemonic
10B4 PUSH {r3, lr}
10B8 LDRB r3, [r1, #0]
10BC CMP r3, #0
10C0 STRB r3, [r2]
10C4 ADD r1, r1, #1
10C8 ADD r2, r2, #1
10CC BNE 10B8
10D0 POP {r3, pc} Read of Control Data
Intentional Write of
Control Data
Side Effect
Stack
Addr Value
7FC4 'e'
7FB3 's'
7FB2 't'
7FB1 \0
7FB0 r3
7FAC Return ptr
Fig. 1: Disassembly of function strcpy and its stack layout.
Consider the example snippet of ARM assembly for the function strcpy
depicted in Figure 1. This function is vulnerable to a buffer overflow because
it does not check if the destination pointer r2 exceeds the allocated space of
the destination buffer on the stack. In the example in Figure 1, the destination
buffer is four bytes long and, when overflown, will point to the stored value of
r3 and eventually to the return pointer at 0x7FAC.
To better understand this vulnerability, let us analyze the code snippet in
reverse, starting at the last instruction: POP {r3, pc}. The instruction POPs the
4
value stored at address 0x7FAC from the stack into the program counter pc.
Using this address, which is of course only valid in the scope of strcpy, we
can track back which part of the code writes data to that particular address
by means of static analysis. In this case, the PUSH instruction at 0x10B4 is the
only instruction that is intended to write to 0x7FAC. Therefore, any other write
attempt to 0x7FAC constitutes an unintended write. ProConDa builds upon
this fact and identifies such illegitimate write attempts.
ProConDa is designed to operate in three phases. The first phase statically
analyses the program to find control-flow relevant data (control data) on the
stack, while the second phase uses backwards slicing to identify which instruc-
tions are intended to write to that control data. The first two phases only need to
be applied once and produce a rewritten version of the program’s assembler code
with the desired write origin checks embedded in the code. The third phase takes
place during the execution of the program. After compiling the program using
the newly secured assembler files, WIO checks are automatically performed by
the program at run-time.
3.1 Phase 1: Control Data Identification
In the first phase, ProConDa identifies all vulnerable control data on the stack
by inspecting the set of instructions that are able to change control flow. To this
end, ProConDa distinguishes between three types of instructions:
1. Instructions that only advance control to the next instruction (fall-through)
2. Instructions with a hard-coded control-flow destination
3. Instructions whose destination is supplied by a register or memory location
The first two types are considered harmless as their control-flow destination
is hard-coded in the program and the code segment is write-protected. Type 3,
however, is of our interest as the destination could have been tampered with by
an attacker. A register or memory location used by such an instruction contains
control data. This data directly influences the control flow. Since control data
is not syntactically different from any other data, it can only be identified by
inspecting its usage.
In the example in Figure 2, the only instruction that changes control-flow is
the POP instruction stored at 0x10D0. This instruction pops an address from the
stack and overwrites the current program counter pc, thereby changing control
flow. Hence, the second value on the stack can be classified as being control
data, because it is used as control flow data when this instruction is executed.
By marking the logical position as control data, we can use backwards slicing to
detect where it was written (phase 2) in order to find the corresponding write
instruction and its WIO, the code location of the instruction relative to the entry
point of the program. Later in phase 3, this WIO is used to decide whether a
write attempt is allowed or not.
Unlike the example here, there are cases where the control-flow destination
does not stem from memory directly. An overview of these cases and how they
are handled by ProConDa can be found in appendix A.
5
Address Mnemonic
10B4 PUSH {r3, lr}
10B8 LDRB r3, [r1, #0]
10BC CMP r3, #0
10C0 STRB r3, [r2]
10C4 ADD r1, r1, #1
10C8 ADD r2, r2, #1
10CC BNE 10B8
10D0 POP {r3, pc}
Control Data Source 
Graph
7FAC
sp+8
10B4
write
10C0
write
Non-Control
Data
r3
r2
r1
New Control Data @ 7FAC
Stack
Addr Value
7FC4 'e'
7FB3 's'
7FB2 't'
7FB1 \0
7FB0 r3
7FAC Return ptr
Fig. 2: Data Source Graph of the function strcpy shown in Figure 1.
3.2 Phase 2: Write Instruction Identification
In the second phase of ProConDa, write instructions that target the discovered
memory locations containing control data are identified using backwards slicing.
Since several write instructions may target the same memory location, we rep-
resent the discovered relation as a directed graph, the Data Source Graph: each
write instruction has a directed edge pointing to the control data it manipulates.
The direction of the edge corresponds to the write direction. The Data Source
Graph for our running example is shown in Figure 2.
In this example, the control data on the stack, which is the return address
of the function strcpy, can only be written by the PUSH instruction stored at
0x10B4. Consequently, 0x10B4, the address of the write instruction, has an edge
pointing to 0x7FAC, the address of control data, in the Data Source Graph. The
write instruction at 0x10C0 on the other hand should not manipulate the control
data at 0x7FAC and therefore does not have an edge in the Data Source Graph
pointing to this data.
In phase 3, the Data Source Graph can be used during execution of the
program to decide if a write access is intended or not. If the corresponding WIO
has an edge pointing to the affected control data in the Data Source Graph, the
write access is intended otherwise it is considered unintended.
3.3 Phase 3: Control Data Write Instruction Origin (WIO)
Checking
During execution of the program, each write access to control data (0x7FAC in
the example above) is monitored (WIO checking), while read access is always
allowed. Since the integrity of control data is checked on write attempts to that
data, enforcing an additional check on read access to that data is not necessary.
If the Data Source Graph shows that a write attempt was made by an in-
struction that does not have an edge pointing to the control data address in
question, it triggers a fault. In the Data Source Graph depicted in Figure 2,
an unintended write attempt by the STRB instruction stored at 0x10C0 is not
6
reflected as an edge in graph and hence would be caught. The program is then
intentionally aborted as the program state would be undefined after the control
data has been overwritten.
4 Implementation
To show the feasibility and effectiveness of our approach, we implement a software-
based prototype of ProConDa for an ARM CPU running a Linux kernel. Our
prototype consists of a tool-chain that first statically analyses the assembler files
of a program to identify potentially vulnerable code pointers and their locations
before using this information to dynamically identify legitimate write instruc-
tions to these pointers using hardware memory watchpoints. An explanation for
choosing assembly as a program representation for our analysis and for deciding
on the ARM as the underlying hardware section can be found in Appendix B.
In the following, we describe how our prototype implements the three Pro-
ConDa phases in detail.
4.1 Control Data Identification
For the first phase, we statically analyze a program’s assembler files to identify
registers that are used in a control-flow relevant instruction, e.g. registers used
in branch instructions as shown in Figure 3. In this example, we have a branch
instruction at location 0x10D4 using register r3. In contrast to static labels that
represent fixed code locations, the register can at this point contain an arbitrary
address that might have been influenced by user input earlier on. Therefore, we
mark the register as containing control data and remember the code location of
the branch instruction as its offset from either the entry point of the program, if
the instruction happens in the main function, or from the label of the function
that contains the instruction. This way of representing code locations is made
possible by the fact that in assembler, function names are represented as unique
labels that can be used to jump to specific points in the program. Therefore,
<functionLabel> + <offset> can be used to uniquely identify instructions by
their code locations, independent their actual memory address which might dif-
fer from run to run due to protection mechanisms like Address Space Layout
Randomization (ASLR).
We use the information about the register and the code location of the in-
struction to identify which base address has been loaded into the register before
the instruction is executed. In case of a chain of dereferencing instructions, the
base address is the last loaded address before the start of the dereferencing chain.
In all other cases, the base address is simply the last loaded address. The reason
for this differentiation between address types is that our prototype aims only at
protecting control data that is normally stored on the stack.
Once we have identified at which point in the program the base address is
loaded into the register, we remember the code location of the corresponding
7
load instruction. By remembering this location instead of the actual base ad-
dress, we avoid falsely marking memory addresses as control-flow relevant in
case protection mechanisms like ASLR are active.
In our example, we have read instructions using register r3 at 0x10CC and at
0x10C8. Since the read instruction at 0x10CC dereferences register r3 by loading
the content of the address contained in r3 into r3 itself, the base address in this
example can be found in the instruction at 0x10C8 where the content of sp-4
is loaded into r3. We therefore remember code location 0x10C8 as the location
of the instruction that loads the base address into register r3. We repeat this
process for all identified, control-flow relevant read instructions, resulting in a
list of code locations that load potentially control-flow relevant data (control
data) at runtime.
4.2 Write Instruction Identification
In the second phase, we generate backwards slices for all control-flow relevant ad-
dresses loaded by instructions at the code locations we identified in phase one. To
handle inter-procedural jumps and to restrict access to control-flow relevant data
to the instructions that actually require this access, we use the GNU Debugger
(GDB) to dynamically generate the backwards slices. GDB has the advantage
that it disables ASLR by default, i.e. running the program several times will
always yield the same control-flow relevant addresses. This lack of randomiza-
tion allows us to set watchpoints on all control-flow relevant addresses and then
run the program to identify the code locations of legitimate write instructions
for these addresses. As soon as an instruction changes the content of an address
with a watchpoint, GDB will pause the program execution and save the instruc-
tion that caused the change along with its code location, resulting in a list of
legitimate instructions and their code locations. As shown in Figure 3, for our
example, this step results in the write instruction at 0x10C4 being identified as
a legitimate write of control data. An explanation of how ProConDa achieves
sufficient program coverage in this step can be found in Appendix C.
After identifying legitimate write instructions using GDB, we use this infor-
mation to rewrite the program’s assembler files. First, we move all vulnerable
code pointers along with all return pointers to a special .proconda section that
is by default read-only and stored on a separate memory page. We then add
mprotect calls before and after each legitimate write instruction to temporarily
make the .proconda section writable just for that instruction. Finally, we update
all other legitimate references to code pointers contained in read instructions to
reflect their move to the .proconda section and compile the rewritten assembler
files into executable code. The result for our example is shown in Figure 3.
The reason for combining mprotect calls with a separate, write-protected
memory page in our prototype is that, at the time of its implementation, hard-
ware supported memory access control mechanisms like Intel MPK had been
announced but were not publicly available yet. Therefore, we used the afore-
mentioned combination to simulate a one-level access control mechanism. Since
8
Address Mnemonic
10B4 _Z9testb:
10B8 STMFD sp!, {fp}
10BC MPROTECT
10C0 STMFD pp!, {lr}
10C4 MPROTECT
10C8 ADD fp, sp, #4
10CC SUB sp, sp, #8
10D0 SUB pp, pp, #4
10D4 MPROTECT
10D8 STR r2, [pp, #0]
10DC MPROTECT
10E0 LDR r3, [pp, #0]
10E4 LDR r3, [r3]
10E8 LDR r0, [pp, #0]
10EC BLX r3
10F0 SUB sp, fp, #4
Address Mnemonic
10B4 _Z9testb:
10B8 STMFD sp!, {fp, lr}
10BC ADD fp, sp, #4
10C0 SUB sp, sp, #8
10C4 STR r2, [sp, #4]
10C8 LDR r3, [sp, #4]
10CC LDR r3, [r3]
10D0 LDR r0, [sp, #4]
10D4 BLX r3
10D8 SUB sp, fp, #4
10DC LDMFD sp!, {fp, pc}
Branch on Register Value
Reading Control Data
Writing Control Data
Push to Proconda Stack
Fig. 3: Identification of legitimate write instructions targeting control-
flow relevant data and the secured ProConDa assembly.
protection mechanisms like Intel MPK [14] may offer up to 16 access levels, fu-
ture ProConDa implementations could enforce a more fine-grained and efficient
access control mechanism beyond the capabilities of our current prototype.
4.3 Control Data Write Instruction Origin (WIO) Checking
This final phase takes place during execution of the newly secured program: since
only pre-identified, legitimate write instructions are allowed to actually access
the protected .proconda section, each attempt at modifying the data outside of
these instructions, e.g. by exploiting a buffer overflow vulnerability will result in
a segmentation fault, effectively crashing the program.
Pending on access to hardware features such as Intel MPK, future implemen-
tations of ProConDa will defer the handling of denied write attempts either to
the operating system or to the program itself to avoid these segmentation faults
and program crashes.
5 Evaluation
In this section we verify that the ProConDa mechanism is able to protect pro-
grams with memory corruption vulnerabilities by subjecting our prototypical im-
plementation to real-world exploits. Furthermore, we evaluate the performance
impact of the general idea of WIO checking as well as the performance impact
and the space requirements of its software emulation based on mprotect calls.
9
5.1 Runtime overhead evaluation
0%
50%
100%
150%
200%
250%
300%
350%
sjeng libq gobmk mfc bzip2 h264
(a) Software-simulated ProConDa
0%
1%
2%
3%
4%
5%
6%
sjeng libq gobmk mfc bzip2 h264
(b) Reference lower bound without
mprotect calls
Fig. 4: ProConDa run-time overhead using SPEC CPU2006.
The general idea behind ProConDa– distinguishing between different ori-
gins of instructions that write control data – is versatile and hence can be im-
plemented in different ways. While an optimal solution would rely on hardware
features to separate legitimate writes from illegitimate ones, current proces-
sors do not support such a feature yet. Intel MPX shares ProConDa’s goal of
protecting against memory corruption exploits, it uses bounds checking as its
protection mechanism and is therefore of no interest to us.
Since hardware support is not yet available, we utilize existing, software-
based tools1 to emulate and enforce memory access control. This is why in this
section, we perform two separate performance benchmarks: (1) an upper bound
estimate with a software-only emulation of memory protection mechanisms im-
plemented using mprotect, and (2) a lower bound estimation of the general
WIO idea that replaces the non-yet-existing hardware instructions with NOPs.
The idea behind using NOPs is that, in contrast to mprotect calls, NOPs and
hardware instructions do not cause context switches, which are costly in terms
of performance. Except for the WIO checking instructions (mprotect vs. NOP),
both performance benchmarks are set up identically.
We measured the performance overhead of the software simulation imple-
menting ProConDa on some of the SPEC CPU2006 integer benchmarks [23].
All experiments where performed on a Raspberry Pi 2 BCM2836 ARM proces-
sor chip running a Debian 8 OS with Linux kernel version 4.1.17. For the SPEC
benchmark, we selected all programs which were compatible with our ARM en-
vironment out-of-the-box and whose output was validated as the correct result.
The reported overhead is the average of 5 runs, the measured variance was neg-
ligible (standard deviation less than 0.5%).
1 In our case, we use the ability to create separate, read-only memory pages for certain
data and to selectively make these pages writable using mprotect calls.
10
The benchmarks were instrumented with WIO checks according to the Pro-
ConDa principle. The relative slow-down in performance gives the total over-
head of the ProConDa solution. The instrumentation for benchmarks (1) and
(2) differ as (1) is implemented using mprotect and runs on any processor ar-
chitecture running Linux. Benchmark setup (2) installs all the necessary con-
trol data separation into the .proconda section but omits the not-yet existing
hardware instruction to announce a legitimate write. It is basically identical to
benchmark (1) but without calls to mprotect as software emulation.
The results of the software simulated runs are shown in Figure 4a. In these
benchmarks, the runtime is largely dominated by the cost of syscall-induced
context switches. Furthermore, we observe that the effect heavily varies between
programs; upon manual inspection, we observed that the runtime increase is
caused by frequent invocation of small functions, of which each invocation re-
quires at least two mprotect calls to be simulated.
To faithfully assess the effect of context switches on the overall runtime, we
ran an additional set of benchmarks: during these runs, all the necessary control
data separation and instrumentation steps were performed, but the WIO check
instruction which announces a legitimate write was replaced by a NOP instruction
to avoid the context switch. In essence, this set of benchmarks is identical to
the previous one, but without the calls to mprotect that serve as a software
emulation of ProConDa’s WIO checking phase. Hence, this set of benchmarks
serves as a lower bound of performance impact of the approach provided sufficient
hardware support is available. The results are of pictured in Figure 4b.
5.2 Micro-Benchmark
Our software simulation requires the use of two mprotect calls per control-flow
relevant data write, and therefore its performance impact becomes more appar-
ent in cases with frequent function invocations (requiring that the lr register
is stored). Consequently, the comparison of the software simulation and the ref-
erence run shows that the overhead of the syscall-based simulation becomes
overwhelming in these cases. To better understand the absolute runtime im-
pact of a software simulated WIO check we run a micro benchmark containing
only WIO check invocations. The benchmarks consists of a 50000 sequences of
mprotect-simulated WIO checks for which the absolute execution time is mea-
sured. On average, the the benchmarks took 6.45µs to complete on average, with
a minimum runtime of 5.93µs and a maximum runtime of 7.72µs.
5.3 Memory Overhead
ProConDa introduces new instructions and a separate, specifically protected
memory region into processes. This causes the code to become more bloated and
additionally affects the memory requirements of affected programs. We analyzed
both the increase of instructions due to WIO checks as well as the ELF section
and program headers in memory during execution.
11
Additional instructions where inserted during program load to initialize the
protected memory segments, as well as during the WIO checks during runtime.
Figure 5a illustrates the increases in instruction counts of the reference imple-
mentation to the unmodified binaries. As can be seen, the number of WIO checks
varies heavily between 3.51% on the lower and 19.66% on the high end of the
scale. On manual inspection, we found that heavily recurrent program structures
with small functions such as in gobmk and sjeng are the most heavily affected.
The increases of the memory footprint produced by the instrumented SPEC
CPU2006 benchmarks is shown in Figure 5b. This value incorporates both the
protected memory region (at least on page, i.e. 4096KB) and the additional
instructions needed to handle the WIO checks. On average, a reference imple-
mentation’s memory footprint was 1.96% larger compared to a stock binary.
0%
5%
10%
15%
20%
sjeng libq gobmk mfc bzip2 h264
(a) Increases in instructions count of
ProConDa-instrumented binaries.
0,00%
0,50%
1,00%
1,50%
2,00%
2,50%
3,00%
sjeng libq gobmk mfc bzip2 h264
(b) Memory footprint of ProConDa
ELF files.
Fig. 5: ProConDa memory overhead measured on SPEC CPU2006.
5.4 Effectiveness in preventing unintended control data corruption
Application Memory corruption vulnerability Prevented
ncompress 4.2.4 Global buffer overflow X
polymorph 0.40 Global buffer overflow X
htget 0.93 Local buffer overflow X
Table 1: Exploit benchmarks with their respective vulnerabilities.
ProConDa protects control data by allowing only intentional writes to mod-
ify such data. Writes that were never supposed to touch control data are detected
and their access is prevented before any data is tampered with. To evaluate the
effectiveness of the ProConDa protection mechanism, we first evaluate the
12
amount of code coverage achieved by ProConDa’s analysis before evaluating
its ability to protect against memory corruption exploits.
The reason for the coverage evaluation is that like all dynamic approaches,
ProConDa requires that the test inputs for a program, i.e. the test cases,
achieve a high code coverage, i.e. that all relevant, executable program paths
containing control data write instructions are actually executed. The quality of
the test cases therefore heavily impacts the effectiveness of the approach in real-
world use cases. The test cases used by the ProConDa analysis, including the
Spec CPU2006 benchmarks, all achieved over 92% basic block coverage [13].
To evaluate the effectiveness of ProConDa in preventing illegitimate writes
to control data, we applied ProConDa to programs with well-documented se-
curity violations (cf. Table 1). The vulnerabilities in these samples represent a
mixture of one or more write overflows on local and global control flow values.
ProConDa successfully prevents the corruption of control data in all cases.
6 Related Work
Over the last few years, code reuse attacks and their mitigation has resem-
bled an ongoing cat and mouse game. Many mitigation techniques address the
code reuse problem by trying to enforce the intended control flow of a program
([1,3,27,26,25,15,7,17,17,18,5]) or by protecting the return pointers of the pro-
gram against manipulation ([6,16]).
Based on the ground-breaking work by Abadi et al. [1], a variety of Control-
Flow Integrity (CFI) approaches has been proposed that improve different as-
pects of CFI enforcement. BinCFI [27] and CCFIR [26] are practical, low-
overhead approaches that aim at protecting binaries by enforcing a coarse-
grained form of CFI. Unfortunately, due to their coarse-grained nature, both
techniques can be bypassed as shown by Go¨ktas et al. [11] and Davi et al. [8].
VTV [25] and SafeDispatch [15] are two fine-grained, compiler-level CFI ap-
proaches that aim specifically at protecting vtables. While both are able to
reliably protect against COOP attacks [21], they provide no security guaran-
tees against classical ROP exploits [9]. HAFIX [7], Opaque CFI (O-CFI) [18]
and PointGuard [6] are approaches that rely on information hiding mechanisms
to efficiently enforce control flow. As stated by Abadi et al. [1] and later on
underlined by Evans et al. [10], information hiding schemes trade strong secu-
rity guarantees for a lower runtime overhead, but are therefore prone to getting
circumvented eventually.
In contrast to the aforementioned schemes, which focus on keeping the con-
tents of control-flow relevant elements safe by hiding them from an attacker,
Mashtizadeh et al. [17] propose Cryptographic CFI (CCFI), an approach that
protects the integrity of control-flow relevant elements using message authenti-
cation codes (MACs).
One of the main problems in the practical deployment of CFI is the trade-off
between overhead and security, i.e. coarse-grained approaches work faster and
are therefore more practical, but also more insecure, whereas fine-grained ap-
13
proaches usually incur such a high overhead that their practical deployment be-
comes impossible. Therefore, Kutznetsov et al. [16] have introduced Code Pointer
Integrity (CPI), an approach that aims to enforce memory safety for all code
pointers in a program while keeping a low overhead.
ProConDa follows the same idea as CPI concerning the separation of code
pointers into a separate memory segment. However, the mechanism by which
CPI secures these pointers is based on information hiding. Recent research by
Go¨ktas¸ et al. [12] and Oikonomopoulos et al. [20] independently show serious,
generic attacks on entropy-based information hiding schemes, concluding that
the trust in defenses based on hidden memory regions is misplaced. In contrast
to the CPI approach, ProConDa does not rely on information hiding to secure
memory segments, thus circumventing the vulnerabilities of information hiding
and data pointer overwrites as described Evans et al. [10]. Instead, we create a
map between code sections and pointers and implement a form of access control
that only allows legitimate code sections to change the respective pointers.
In this regard, ProConDa is most similar to the Write Integrity Testing
(WIT) approach by Akritidis et al. [3]. WIT prevents instructions from modify-
ing objects they are not allowed to modify by first computing the control-flow
graph and the set of objects that can be written by each instruction at compile
time. Then it assigns a color to each write instruction and each object in the
program and uses the resulting color table in an additional compilation phase
to insert checks into the code to compare the color of each write instruction
with the color of the memory location it tries to write to. If the colors do not
match, a security exception is raised. ProConDa also enforces write integrity
by matching instructions with the set of objects they are allowed to write to. In
contrast to WIT, we do not use a coloring scheme to check for possible violations
but instead employ access control mechanisms.
ProConDa is the to the best of our knowledge the first approach to com-
bine CPI principles with hardware supported memory access control and write
instruction origin checking.
7 Conclusion
This paper presents ProConDa, a novel technique to defend against the root
cause of memory corruption exploits: illegitimate writes that manipulate control
flow. ProConDa effectively protects control data by write origin checking with-
out relying on information hiding. We implemented a software-based prototype of
the ProConDa enforcement mechanism on an ARM CPU running a Linux ker-
nel. This prototype statically analyzes the assembler files of a program to identify
memory addresses and registers containing control-flow relevant data and uses
this information to detect write attempts to this data using backwards slicing.
All legitimate write accesses to control-flow relevant data are then encapsulated
with mprotect syscalls that regulate access to a special, write-protected memory
region, in which all control-flow relevant elements are stored. The software-based
emulation of the ProConDa enforcement is effective on real-world exploits and
14
incurred an runtime overhead ranging from 40% to 300% and an average memory
overhead of 2% on the popular SPEC benchmark. A separate evaluation using a
micro benchmark has shown that this overhead can be almost wholly attributed
to our use of mprotect syscalls to simulate a hardware-supported write access
control mechanism. A reference implementation simulating the usage of proper
hardware support incurred, on average, a runtime overhead of 4%.
References
1. Abadi, M., Budiu, M., Erlingsson, U´., and Ligatti, J. Control-flow integrity.
In ACM Conference on Computer and Communication Security (CCS) (Alexan-
dria, VA, 2005), pp. 340–353.
2. Abadi, M., Budiu, M., Erlingsson, U., and Ligatti, J. Control-flow integrity
principles, implementations, and applications. ACM Trans. Inf. Syst. Secur. 13, 1
(2009), 4:1–4:40.
3. Akritidis, P., Cadar, C., Raiciu, C., Costa, M., and Castro, M. Preventing
memory error exploits with wit. In Proceedings of the IEEE Symposium on Security
and Privacy (2008), IEEE.
4. Carlini, N., Barresi, A., Payer, M., Wagner, D., and Gross, T. R. Control-
flow bending: On the effectiveness of control-flow integrity. In 24th USENIX Se-
curity Symposium (USENIX Security 15) (Washington, D.C., 2015), USENIX As-
sociation, pp. 161–176.
5. Christoulakis, N., Christou, G., Athanasopoulos, E., and Ioannidis, S.
Hcfi: Hardware-enforced control-flow integrity. In Proceedings of the Sixth ACM
Conference on Data and Application Security and Privacy (New York, NY, USA,
2016), CODASPY ’16, ACM, pp. 38–49.
6. Cowan, C., Beattie, S., Johansen, J., and Wagle, P. Pointguard: Protecting
pointers from buffer overflow vulnerabilities. In In Proc. of the 12th Usenix Security
Symposium (2003).
7. Davi, L., Hanreich, M., Paul, D., Sadeghi, A., Koeberl, P., Sullivan, D.,
Arias, O., and Jin, Y. HAFIX: hardware-assisted flow integrity extension. In
Proceedings of the 52nd Annual Design Automation Conference, San Francisco,
CA, USA, June 7-11, 2015 (2015), pp. 74:1–74:6.
8. Davi, L., Sadeghi, A.-R., Lehmann, D., and Monrose, F. Stitching the gad-
gets: On the ineffectiveness of coarse-grained control-flow integrity protection. In
23rd USENIX Security Symposium (USENIX Security 14) (San Diego, CA, 2014),
USENIX Association, pp. 401–416.
9. Davi, L., Sadeghi, A.-R., Lehmann, D., and Monrose, F. Stitching the gad-
gets: On the ineffectiveness of coarse-grained control-flow integrity protection. In
23rd USENIX Security Symposium (USENIX Security 14) (San Diego, CA, 2014),
USENIX Association, pp. 401–416.
10. Evans, I., Fingeret, S., Gonzalez, J., Otgonbaatar, U., Tang, T., Shrobe,
H., Sidiroglou-Douskos, S., Rinard, M., and Okhravi, H. Missing the
point(er): On the effectiveness of code pointer integrity. In Security and Privacy
(SP), 2015 IEEE Symposium on (2015), pp. 781–796.
11. Goktas, E., Athanasopoulos, E., Bos, H., and Portokalidis, G. Out of
control: Overcoming control-flow integrity. In Security and Privacy (SP), 2014
IEEE Symposium on (2014), pp. 575–589.
15
12. Go¨ktas¸, E., Gawlik, R., Kollenda, B., Athanasopoulos, E., Portokalidis,
G., Giuffrida, C., and Bos, H. Undermining information hiding (and what to
do about it). In 25th USENIX Security Symposium (USENIX Security 16) (Austin,
TX, Aug. 2016), USENIX Association, pp. 105–119.
13. Gove, D., and Spracklen, L. Evaluating the correspondence between training
and reference workloads in spec cpu2006. ACM SIGARCH Computer Architecture
News 35, 1 (2007), 122–129.
14. Intel Corporation. System programming guide, part 1. In IntelR© 64 and IA-32
Architectures Software Developer’s Manual (2013), vol. 3A.
15. Jang, D., Tatlock, Z., and Lerner, S. Safedispatch: Securing c++ virtual
calls from memory corruption attacks. In Symposium on Network and Distributed
System Security (NDSS) (2014).
16. Kuznetsov, V., Szekeres, L., Payer, M., Candea, G., Sekar, R., and Song,
D. Code-pointer integrity. In 11th USENIX Symposium on Operating Systems De-
sign and Implementation (OSDI 14) (Broomfield, CO, 2014), USENIX Association,
pp. 147–163.
17. Mashtizadeh, A. J., Bittau, A., Boneh, D., and Mazie`res, D. Ccfi: Cryp-
tographically enforced control flow integrity. In Proceedings of the 22Nd ACM
SIGSAC Conference on Computer and Communications Security (New York, NY,
USA, 2015), CCS ’15, ACM, pp. 941–951.
18. Mohan, V., Larsen, P., Brunthaler, S., Hamlen, K., and Franz, M. Opaque
control-flow integrity. Symposium on Network and Distributed System Security
(NDSS) (2015).
19. Nagarakatte, S., Zhao, J., Martin, M. M., and Zdancewic, S. Cets: Com-
piler enforced temporal safety for c. In Proceedings of the 2010 International Sym-
posium on Memory Management (New York, NY, USA, 2010), ISMM ’10, ACM,
pp. 31–40.
20. Oikonomopoulos, A., Athanasopoulos, E., Bos, H., and Giuffrida, C. Pok-
ing holes in information hiding. In 25th USENIX Security Symposium (USENIX
Security 16) (Austin, TX, Aug. 2016), USENIX Association, pp. 121–138.
21. Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.-R., and
Holz, T. Counterfeit object-oriented programming: On the difficulty of preventing
code reuse attacks in c++ applications. In Security and Privacy (SP), 2015 IEEE
Symposium on (2015), pp. 745–762.
22. Shacham, H. The geometry of innocent flesh on the bone: Return-into-libc without
function calls (on the x86). In Proceedings of CCS 2007 (2007), S. De Capitani di
Vimercati and P. Syverson, Eds., ACM Press, pp. 552–61.
23. Spradling, C. D. Spec cpu2006 benchmark tools. ACM SIGARCH Computer
Architecture News 35, 1 (2007), 130–134.
24. Szekeres, L., Payer, M., Wei, T., and Song, D. Sok: Eternal war in memory.
In Security and Privacy (SP), 2013 IEEE Symposium on (2013), IEEE, pp. 48–62.
25. Tice, C., Roeder, T., Collingbourne, P., Checkoway, S., Erlingsson, U´.,
Lozano, L., and Pike, G. Enforcing forward-edge control-flow integrity in gcc
& llvm. In 23rd USENIX Security Symposium (USENIX Security 14) (San Diego,
CA, 2014), USENIX Association, pp. 941–955.
26. Zhang, C., Wei, T., Chen, Z., Duan, L., Szekeres, L., McCamant, S., Song,
D., and Zou, W. Practical control flow integrity and randomization for binary
executables. In Security and Privacy (SP), 2013 IEEE Symposium on (2013),
pp. 559–573.
27. Zhang, M., and Sekar, R. Control flow integrity for cots binaries. In Usenix
Security (2013), pp. 337–352.
16
28. Zhu, H., Hall, P. A. V., and May, J. H. R. Software unit test coverage and
adequacy. ACM Comput. Surv. 29, 4 (1997), 366–427.
Appendix A Identifying control data memory locations
While the example given in Section 3.1 illustrates the case where a control-
flow destination stems from memory directly, there are also cases where there
is an arbitrary number of registers in between to carry a value from memory
to a control-flow relevant instruction. For instance, BX r5 (‘Extended Branch
to r5’) jumps to the address stored in the register r5. At an earlier point in
the program, the value of r5 must either be loaded from memory (.e.g, LDR
r5,=0x0a130000) or calculated as an offset to the program counter pc. In case
the register is loaded from memory, the corresponding memory address must then
contain control data. Another, although rarer case, is the use of arithmetics to
calculate the code address. In compiled ARM code, this can only be seen in
optimized jump tables. For example, ADD pc, r3, #8 can be used to represent
a switch(r3) C-statement in which each possible case-target for r3 is 8 bytes
apart. In this case, r3 can be considered control data itself as it can influence
pc to jump arbitrarily in multiples of 8.
ProConDa handles these cases by tracking each register used in a control
flow instruction back to a memory location (in the form of an offset to the stack
base), which is then marked as containing control data. Table 2 gives an overview
of all ARM instructions that change control flow. Note that on ARM, it is indeed
possible to perform arithmetic operations on control-flow relevant registers like
the program counter, pc. This makes ARM an interesting target architecture for
approaches like ProConDa that focus on protecting the integrity of a program’s
control flow.
Instruction Meaning
B, BX Branch
BL, BLX Branch and Link
POP {pc} Branch and Link
LDR pc [...] Branch and Link
ADD pc, r1, r2 Jump to r1 + r2
ADD pc, pc, r2 Relative jump by r2 bytes
Table 2: ARM Control Flow Instructions that operate on registers or
RAM.
17
Appendix B Targeting the ARM Assembly
In the following, we will first explain the advantages of choosing assembly as a
program representation for our analysis before elucidating our decision to use
ARM as the underlying hardware architecture for our prototype.
B.1 Targeting Low-level Assembly
In order to keep our prototype independent of the specifics of a programming
language or compiler, our static analysis phase works directly on the assembler
files of the program. Since the structure and the instructions in assembler code
only depend on the underlying architecture and not on the programming lan-
guage that was used to create the original program, our ProConDa prototype
can handle programs written in a variety of languages. Moreover, we avoid the
problem of programs implementing undefined behavior, which is then handled
differently from compiler to compiler.
Another compiler-related reason for choosing assembly as the underlying pro-
gram representation for our analysis is that some control relevant data is only
generated at the very end of a compilation pass (e.g. GOT pointers and jump ta-
bles). Consequently, these pointers are not part of the IR during the compilation,
and would require additional modifications of the code after the code generation.
Implementing our approach as part of a compiler suite would therefore severely
affect the compilers architecture beyond their intended design and functionality.
Targeting the program assembly, instead, does not affect the previous compila-
tion steps and naturally fits into the usual sequence of compilation and linking
as an immediate step. This is a trade-off: we can leave the compiler suite infras-
tructure intact, but instead of working on a very expressive and generic IR we
have to tailor the changes ProConDa introduces to specific architectures.
Last but not least, exploits are architecture-specific and manifest themselves
differently based on the architecture the program was compiled for. Hence, we
can use assembler code as a common target for a specific architecture.
B.2 Targeting the ARM Architecture
Choosing ARM over x86 as the underlying architecture has a practical as well
as a research-specific advantage. From a practical point of view, ARM offers a
fixed-length instruction set that facilitates the computation of offsets between
different points in a program’s assembler code. These offsets are used to identify
the code locations of legitimate write instructions (represented as offsets from
the main entry point or the last called function, respectively) and to instrument
these instructions with code enabling the upcoming legitimate writes to the
protected memory area.
From a research-specific point of view, ARM is the more interesting architec-
ture for analyzing flows between control data as it allows arithmetic operations
on control-flow relevant registers like pc. Thus, there are more interesting sce-
narios to run ProConDa’s analysis and enforcement mechanism against.
18
Despite the current focus on ARM, an adaptation of the prototype to x86
would only require minor changes regarding the instruction handling and only a
small extension to our analysis. Lacking hardware support, the basic protection
mechanism makes use of mprotect syscalls to allow legitimate instructions to
write to the otherwise protected ProConDa section. It is therefore independent
of the underlying hardware architecture.
Appendix C Achieving Sufficent Program Coverage
Ideally, what we would like to achieve in ProConDa’s Write Instruction Iden-
tification phase is known as full path coverage in the area of software testing,
i.e. every path through a program should be executed at least once. However,
path coverage and similar test coverage criteria have been shown to be infeasible
in practice due to a number of reasons such as the presence of loops or dead
code [28].
As finding and defining feasible coverage criteria along with the methods to
fulfil them constitutes its own research area and is therefore out of scope for this
paper, we instead use a simpler, more practical approach.
To achieve the best possible coverage of all program paths that can actually
be executed we select program inputs as follows: For each input, we first deter-
mine the domain of the input, e.g. for an integer type input, we have possible
inputs ranging from INTEGER MIN VALUE to INTEGER MAX VALUE. Based on the
domain, we then select input values that not only are part of the domain itself
but that also include boundary values, i.e. in the case of integers, we include both
INTEGER MIN VALUE and INTEGER MAX VALUE. Afterwards, we combine these in-
puts into test sets for each program so that the best possible coverage is achieved
given the restrictions imposed by the dynamic nature of our approach.
Since our inputs are regular and do not attempt to exploit the program in
any way, the resulting accesses to the control-flow relevant addresses identified
before and the instructions that execute them are considered legitimate.
19
