CloudCFI: Context-Sensitive and Incremental CFI in the Cloud Environment

Control-Flow Integrity (CFI) is one of the most promising techniques against control-flow hijacking attacks. For Commercial Off-the-Shelf (COTS) binaries, a number of solutions provide coarse-grained CFI and thus are context-insensitive, while having the benefit of introducing a low runtime overhead. However, they can hardly defend against elaborately designed attacks due to the inaccuracy of the Control-Flow Graphs (CFGs). This paper presents CloudCFI, a context-sensitive and incremental CFI, which specifically makes full use of the characteristic of the cloud environment, where multiple instances of a software run on multiple virtual machines, and the control flow checking result from one software instance could be utilized to handle the control-hijacking occurred on other sibling instances. In CloudCFI, the accuracy of the control flow checking can be continuously increased to offer the incremental CFI, and a context-sensitive CFI policy is enforced to determine the validity of the control flow of the execution path through checking the entire execution path instead of the single edge or partial edges in the execution path. CloudCFI includes the static phase and the runtime phase respectively. Control-flow information and basic-block information is collected through emulation execution in the static phase, and the execution paths are tracked in runtime phase to collect process-tracking information. Next, it recovers the execution path by using basic-block information and process-tracking information, and checks the validity of the control flow by using the control-flow information. A prototype system is implemented and evaluated from several aspects using RIPE and SPEC benchmarks, as well as real-world cloud applications, Memcached and Redis. The evaluation results show that CloudCFI can defend against most common control-flow hijacking attacks. Meanwhile, it only introduces a low runtime performance overhead.