<efrbr:recordSet xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:efrbr="http://vfrbr.info/efrbr/1.1" xmlns:efrbr-work="http://vfrbr.info/efrbr/1.1/work" xmlns:efrbr-expression="http://vfrbr.info/efrbr/1.1/expression" xmlns:efrbr-manifestation="http://vfrbr.info/efrbr/1.1/manifestation" xmlns:efrbr-person="http://vfrbr.info/efrbr/1.1/person" xmlns:efrbr-corporateBody="http://vfrbr.info/efrbr/1.1/corporateBody" xmlns:efrbr-concept="http://vfrbr.info/efrbr/1.1/concept" xmlns:efrbr-structure="http://vfrbr.info/efrbr/1.1/structure" xmlns:efrbr-responsible="http://vfrbr.info/efrbr/1.1/responsible" xmlns:efrbr-subject="http://vfrbr.info/efrbr/1.1/subject" xmlns:efrbr-other="http://vfrbr.info/efrbr/1.1/other" xsi:schemaLocation="http://vfrbr.info/efrbr/1.1 http://vfrbr.info/schemas/1.1/efrbr.xsd"><efrbr:entities><efrbr-work:work identifier="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355"><efrbr-work:titleOfTheWork>Hard edges: hardware-based Control-Flow Integrity for embedded devices</efrbr-work:titleOfTheWork></efrbr-work:work><efrbr-expression:expression identifier="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355"><efrbr-expression:titleOfTheExpression>Hard edges: hardware-based Control-Flow Integrity for embedded devices</efrbr-expression:titleOfTheExpression><efrbr-expression:formOfExpression vocabulary="DIAS:TYPES">
            Πλήρης Δημοσίευση σε Συνέδριο
            Conference Full Paper
         </efrbr-expression:formOfExpression><efrbr-expression:dateOfExpression type="issued">2024-11-26</efrbr-expression:dateOfExpression><efrbr-expression:dateOfExpression type="published">2021</efrbr-expression:dateOfExpression><efrbr-expression:languageOfExpression vocabulary="iso639-1">en</efrbr-expression:languageOfExpression><efrbr-expression:summarizationOfContent>Control-Flow Integrity (CFI) is a popular technique to defend against State-of-the-Art exploits, by ensuring that every (indirect) control-flow transfer points to a legitimate address and it is part of the Control-flow Graph (CFG) of a program. Enabling CFI in real systems is not straightforward, since in many cases the actual CFG of a program can only be approximated. Even in the case where there is perfect knowledge of the CFG, ensuring that all return instructions will return to their actual call sites, without employing a shadow stack, is questionable.

In this work, we explore the implementation of a full-featured CFI-enabled Instruction Set Architecture (ISA) on actual hardware. Our new instructions provide the finest possible granularity for both intra-function and inter-function Control-Flow Integrity. We implement hardware-based CFI (HCFI) by modifying a SPARC SoC and evaluate the prototype on an FPGA board by running SPECInt benchmarks instrumented with a fine-grained CFI policy. HCFI can effectively protect applications from code-reuse attacks, while adding less than 1% average runtime and 2% power consumption overhead, making it particularly suitable for embedded systems.</efrbr-expression:summarizationOfContent><efrbr-expression:contextForTheExpression>This work was supported by the projects CONCORDIA, C4IIoT, Cyrene and IntellIoT, funded by the European Commission under Grant Agreements No. 830927, No. 833828, No 952690 and No. 957218.</efrbr-expression:contextForTheExpression><efrbr-expression:useRestrictionsOnTheExpression type="creative-commons">http://creativecommons.org/licenses/by/4.0/</efrbr-expression:useRestrictionsOnTheExpression><efrbr-expression:note type="page range">275–287</efrbr-expression:note><efrbr-expression:note type="conference name">21st International Conference on Embedded Computer Systems: Architectures, Modeling, and Simulation</efrbr-expression:note><efrbr-expression:note type="proceedings title">Embedded Computer Systems: Architectures, Modeling, and Simulation</efrbr-expression:note></efrbr-expression:expression><efrbr-person:person identifier="6152DB57-0254-4737-9418-9459E8FF9171"><efrbr-person:nameOfPerson vocabulary="">
            Christou George
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="D6C70942-95A9-4069-BD45-FBFA1A09455D"><efrbr-person:nameOfPerson vocabulary="">
            Vasiliadis Giorgos
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="https://viaf.org/viaf/150146331839118691342"><efrbr-person:nameOfPerson vocabulary="VIAF">
            Athanasopoulos, Elias
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-person:person identifier="http://users.isc.tuc.gr/~sioannidis"><efrbr-person:nameOfPerson vocabulary="TUC:LDAP">
            Ioannidis Sotirios
            Ιωαννιδης Σωτηριος
         </efrbr-person:nameOfPerson></efrbr-person:person><efrbr-corporateBody:corporateBody identifier="https://v2.sherpa.ac.uk/id/publisher/3291"><efrbr-corporateBody:nameOfTheCorporateBody vocabulary="S/R:PUBLISHERS">
            Springer
         </efrbr-corporateBody:nameOfTheCorporateBody></efrbr-corporateBody:corporateBody><efrbr-concept:concept identifier="FC8588EB-8C94-4680-B384-11D547F9F2A4"><efrbr-concept:termForTheConcept>
            Control-Flow Integrity (CFI)
         </efrbr-concept:termForTheConcept></efrbr-concept:concept><efrbr-concept:concept identifier="33108E08-979A-4DB9-8729-717E118E2104"><efrbr-concept:termForTheConcept>
            Instruction Set Architecture (ISA)
         </efrbr-concept:termForTheConcept></efrbr-concept:concept></efrbr:entities><efrbr:relationships><efrbr-structure:structureRelations><efrbr-structure:realizedThrough sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355" targetEntity="expression" targetURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355"/></efrbr-structure:structureRelations><efrbr-responsible:responsibleRelations><efrbr-responsible:createdBy sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355" targetEntity="person" targetURI="6152DB57-0254-4737-9418-9459E8FF9171"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355" targetEntity="person" targetURI="6152DB57-0254-4737-9418-9459E8FF9171" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355" targetEntity="person" targetURI="D6C70942-95A9-4069-BD45-FBFA1A09455D" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355" targetEntity="person" targetURI="https://viaf.org/viaf/150146331839118691342" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355" targetEntity="person" targetURI="http://users.isc.tuc.gr/~sioannidis" role="author"/><efrbr-responsible:realizedBy sourceEntity="expression" sourceURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355" targetEntity="person" targetURI="https://v2.sherpa.ac.uk/id/publisher/3291" role="publisher"/></efrbr-responsible:responsibleRelations><efrbr-subject:subjectRelations><efrbr-subject:hasSubject sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355" targetEntity="concept" targetURI="FC8588EB-8C94-4680-B384-11D547F9F2A4"/><efrbr-subject:hasSubject sourceEntity="work" sourceURI="http://purl.tuc.gr/dl/dias/73893A59-F400-4080-AEF0-B7C4503EF355" targetEntity="concept" targetURI="33108E08-979A-4DB9-8729-717E118E2104"/></efrbr-subject:subjectRelations><efrbr-other:otherRelations/></efrbr:relationships></efrbr:recordSet>