FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking
We present the design, implementation, and evaluation of FineIBT: a CFI
enforcement mechanism that improves the precision of hardware-assisted CFI
solutions, like Intel IBT and ARM BTI, by instrumenting program code to reduce
the valid/allowed targets of indirect forward-edge transfers. We study the
design of FineIBT on the x86-64 architecture, and implement and evaluate it on
Linux and the LLVM toolchain. We designed FineIBT's instrumentation to be
compact, and incur low runtime and memory overheads, and generic, so as to
support a plethora of different CFI policies. Our prototype implementation
incurs negligible runtime slowdowns (0%-1.94% in SPEC CPU2017 and
0%-1.92% in real-world applications) outperforming Clang-CFI. Lastly,
we investigate the effectiveness/security and compatibility of FineIBT using
the ConFIRM CFI benchmarking suite, demonstrating that our nimble
instrumentation provides complete coverage in the presence of modern software
features, while supporting a wide range of CFI policies (coarse- vs. fine- vs.
finer-grain) with the same, predictable performance.

FairTest: Discovering Unwarranted Associations in Data-Driven Applications
In a world where traditional notions of privacy are increasingly challenged
by the myriad companies that collect and analyze our data, it is important that
decision-making entities are held accountable for unfair treatments arising
from irresponsible data usage. Unfortunately, a lack of appropriate
methodologies and tools means that even identifying unfair or discriminatory
effects can be a challenge in practice. We introduce the unwarranted
associations (UA) framework, a principled methodology for the discovery of
unfair, discriminatory, or offensive user treatment in data-driven
applications. The UA framework unifies and rationalizes a number of prior
attempts at formalizing algorithmic fairness. It uniquely combines multiple
investigative primitives and fairness metrics with broad applicability,
granular exploration of unfair treatment in user subgroups, and incorporation
of natural notions of utility that may account for observed disparities. We
instantiate the UA framework in FairTest, the first comprehensive tool that
helps developers check data-driven applications for unfair user treatment. It
enables scalable and statistically rigorous investigation of associations
between application outcomes (such as prices or premiums) and sensitive user
attributes (such as race or gender). Furthermore, FairTest provides debugging
capabilities that let programmers rule out potential confounders for observed
unfair effects. We report on use of FairTest to investigate and in some cases
address disparate impact, offensive labeling, and uneven rates of algorithmic
error in four data-driven applications. As examples, our results reveal subtle
biases against older populations in the distribution of error in a predictive
health application and offensive racial labeling in an image tagger.
Comment: 27 pages, 12 figures