# Protecting The Code Control-flow Enforcement Technology Oren Benita Ben Simhon Monday, April 16, 2018 ### **Disclaimers** - Intel technologies' features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. Learn more at Intel.com, or from the OEM or retailer. - You may not use or facilitate the use of this document in connection with any infringement or other legal analysis concerning Intel products described herein. You agree to grant Intel a non-exclusive, royalty-free license to any patent claim thereafter drafted which includes subject matter disclosed herein. - No license (express or implied, by estoppel or otherwise) to any intellectual property rights is granted by this document. - Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade. - No computer system can be absolutely secure. - Intel and the Intel logo are trademarks of Intel Corporation or its subsidiaries in the U.S. and/or other countries. - Copyright © Intel Corporation ## Overview & Agenda Motivation & Overview Shadow Stack Indirect Branch Tracking Analysis & Summary ## **ROP Attack** ### **Manipulating The Stack** ## Motivation & Overview ## ROP Attack ## **Using Unintended Gadgets** %al ### **Overview** - Intel Arch allows instruction decoding to start from any byte - Intel Arch has variable length instruction - Attackers scan the code for meaningful snippets (gadgets) - Attacker can execute chained gadgets Motivation & Overview # ROP Attack Is It That Critical? \* Tim Rains, David Weston, Matt Miller. Exploitation Trends: From Potential Risk to Actual Risk. In RSA conference 2015. Motivation & Overview ## Similar Attack Techniques #### JOP - Jump Oriented Programming Each gadget block ends with JMP instruction #### **COP - Call Oriented Programming** Each gadget block ends with Call instruction \* Tyler Bletsch, Xuxian Jiang, Vince Freeh. Jump-Oriented Programming: A New Class of Code-Reuse Attack. April 22, 2010 gadgets ## Defenses Against ROP/JOP/COP Attacks **Control-flow Enforcement Technology** - Control-flow Integrity (CFI) checks perform the following: - Indirect branches target only valid target addresses - Return instructions should only transfer control to the call site - Intel® Control-flow Enforcement Technology (CET) is a CPU instruction set extension to implement CFI #### **Shadow Stack** - Prevents ROP attacks - Saves control flow to a shadow stack #### **Indirect Branch Tracking** - Prevents JOP/COP - Allows branching only to valid targets **Protection #1: Shadow Stack** ## Protection #1: Shadow Stack ### Protecting From ROP and Return Address Corruption On Stack - Shadow stack is separate stack used exclusively for control transfer operations and is separate from data stack - Shadow stack supporting processors use a new register Shadow Stack Pointer (SSP) - Writes to the shadow stack are restricted to control transfer instructions and special protected instructions - · Call -> Pushes return address on both stacks - No parameters passing on shadow stack - Far calls push Code Segment (CS), Linear Instruction Pointer (LIP) and SSP - Ret -> pops return address from both stacks - Control Flow Protection (#CP) exception in case return addresses don't match #### Shadow Stack Introduces mean Instruction-Per-Cycle loss of less than 2% \* Calculated using ICC compiler using a suite of microprocessor benchmarks Shadow Stack ## Keeping Shadow Stack In Sync #### Setjmp / Longjmp ``` int foo(int i) { if (lestjmp(buf)) { printf("After setjmp"); bar(1); } return i + i; } int bar(int i) { printf("In longjmp"); longjmp(buf, 1); return j; } ``` - · The compiler needs to save the SSP in the jump buffer - The compiler increments SSP by skipped number of frames - · New instructions were introduced RDSSP and INCSSP #### **Exception Handling** - C++ runtime library is updated to use indirect jump instead of return - · It also needs to increment the SSP to pop skipped call frames #### **Context Switching** Different shadow stacks for each privilege level Each shadow stack is setup by Operating System The OS save/restore SSP for thread switching New ISA was added SAVEPREVSSP and RSTORSSP Shadow Stack ### **Protecti** - Shadow statement of transfer op - Shadow st Shadow St - Writes to the instructions - · Call -> Pus - No para - Far cal Pointer - Ret -> pop - Control address ### Setjmp / Longjmp ``` int foo(int i) { if (!setjmp(buf)) { printf("After setjmp"); bar(i); } return i + i; } int bar(int i) { printf("In longjmp"); longjmp(buf, 1); return j; } ``` - The compiler needs to save the SSP in the jump buffer - The compiler increments SSP by skipped number of frames - New instructions were introduced RDSSP and INCSSP ## **Exception Handling** - C++ runtime library is updated to use indirect jump instead of return - It also needs to increment the SSP to pop skipped call frames ## **Context Switching** Different shadow stacks for each privilege level Each shadow stack is setup by Operating System - The OS save/restore SSP for thread switching - New ISA was added SAVEPREVSSP and RSTORSSP ## **Protection #2: Indirect Branch Tracking** ### **Protecting From JOP and COP Attacks** - Indirect Branch Tracking (IBT) detects and prevents attempts to redirect control flow to unintended targets - IBT introduces new instructions: - · ENDBRANCH32 for 32 bit programs - · ENDBRANCH64 for 64 bit programs - ENDBRANCH instructions are NOP instructions on Intel 64 processors that do not support CET - If a target instruction of indirect jump / call has no ENDBRANCH instruction a #CP exception is fired - Compiler instruments ENDBRANCH instruction to: - · Instructions/functions that their address was taken - Global functions - A new nocf\_check attribute was added to: - Disable ENDBRANCH instruction in the beginning of a function - Add no\_track prefix to indirect jump/call to disable control flow check Indirect Branch Tracking ## Fine-grained Indirect Branch Tracking ### NO\_TRACK Prefix and Legacy Compatibility - Software may restrict certain sensitive functions in program address space (e.g. exec, execv, etc.) - OS and dynamic loader can setup legacy code page bitmap to support code that was not compiled with CET enabled or disable legacy interwork - Software may restrict certain sensitive functions in program address space (e.g. exec, execv, etc.) - OS and dynamic loader can setup legacy code page bitmap to support code that was not compiled with CET enabled or disable legacy interwork Indirect Branch Tracking \* Used GCC compiler and ran SPEC 2006 benchmarks ## **IBT State Machine** Analysis & Summary ## **CET Security Analysis** #### **Shadow Stack** Analysis & Summary # **CET Security Analysis** ### **Shadow Stack** **Indirect Branch Tracking** Enforces indirect calling / jumping to valid addresses (no unintended gadgets) AIR: SPEC 2006 benchmarks are prone to attacks by 0.02% Very difficult to chain indirect branches to intended gadgets and create a meaningful program SW may instrument checks in intended gadgets Neglectable performance overhead Average Indirect branch Reduction (AIR), quantifies the fraction of possible indirect targets eliminated by a CFI technique [\*] [\*] M. Zhang and R. Sekar. Control Flow Integrity for COTS Binaries. In USENIX Security, 2013. **Indirect Branch Tracking** Enforces indirect calling / jumping to valid addresses (no unintended gadgets) AIR: SPEC 2006 benchmarks are prone to attacks by 0.02% Very difficult to chain indirect branches to intended gadgets and create a meaningful program SW may instrument checks in intended gadgets Neglectable performance overhead SW may instrument checks in intended gadgets Neglectable performance overhead Analysis & Summary ## **CET Status and Future Work** - LLVM already supports Shadow Stack and IBT (including optimizations) - The architecture is enabled using -mshstk / -mibt flags - · Instrumentation is enabled using - -fcf-protection = return/branch flag - New attribute nocf\_check is currently supported - ICC / GCC implemented CET and updated corresponding libraries, program loader and linker (ld) - · MS Compiler is also being updated - In the future a super set flag of mibt & -mshstk called -mcet will be added - A fix up for setJump / longJump is being promoted into LLVM - LLVM linker will also be updated to support new ABI flags and generating IBT-enabled PLT #### Control-flow Enforcement Technology (CET) • Introduces new HW based Control Flow Integrity (CFI) mechanism #### Shadow Stack and Indirect Branch Tracking (IBT) - Shadow Stack protects against ROP attacks - Indirect Branch Tracking protects against JOP/COP attacks #### Low Overhead CET introduces competitive protection metric rates while maintaining very low performance overhead