Comparative Analysis and Enhancement of CFG-based Hardware-Assisted CFI Schemes

Abstract

This paper addresses the difficulty of quantitatively comparing existing hardware-assisted Control Flow Integrity (CFI) schemes by implementing several promising CFG-based mechanisms on a unified RISC-V platform. The authors benchmark performance, hardware utilization, and binary size across nearly 40 applications to provide a meaningful comparison of various techniques. Furthermore, they introduce an enhanced, fine-grained CFI scheme that achieves CFI with less overhead than previously demonstrated mechanisms.

Report

Key Highlights

  • Standardized Comparison: The primary contribution is providing a quantitative, platform-neutral comparison of previously proposed CFG-based hardware-assisted CFI schemes, which was previously impossible due to varied platforms and benchmarks.
  • Unified Platform: All CFI schemes were implemented and evaluated on a common security evaluation platform: a RISC-V System-on-Chip (SoC) realized within an FPGA.
  • Comprehensive Benchmarking: The analysis utilized a large set of almost 40 benchmark applications ported to the evaluation system.
  • Enhanced CFI Approach: The authors developed a novel, enhanced CFI scheme, consolidating the best concepts from prior work, which is shown to be highly practical and feature-complete.
  • Low Overhead: The new fine-grained CFI approach demonstrated the ability to achieve integrity protection with lower performance and resource overheads than existing techniques.

Technical Details

  • Security Focus: The research focuses on mitigating control flow subversion attacks (e.g., code-reuse attacks) using Control Flow Graph (CFG) analysis.
  • Implementation Architecture: The evaluation platform comprises a RISC-V SoC implemented on an FPGA, facilitating accurate hardware utilization and run-time measurements for the comparison.
  • Evaluation Metrics: The comparison assesses three crucial metrics for hardware security mechanisms: run-time performance (speed), hardware utilization (resource cost on the FPGA), and binary size (code footprint).
  • Methodology: The research involves integrating and evaluating multiple distinct CFI schemes and then synthesizing a new approach that is designed to be more practical and feature-complete, addressing previously ignored integration problems.
  • Design Goal: The enhanced approach targets a fine-grained level of control flow protection to maximize security while minimizing associated overheads.
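To make the coarse- versus fine-grained distinction above concrete, here is an added software model of what a CFG-based CFI monitor enforces. It is not code from the paper or its evaluation platform; the program labels, the CFG edge sets and the two traces are all constructed for illustration.

```python
"""Toy model of CFG-based control-flow integrity checking (constructed example).

A static analysis of the program yields, per indirect transfer site, the set of
targets the CFG sanctions. The monitor checks each observed transfer against
that policy; a hardware scheme does the same check in the pipeline.
"""

# Constructed fine-grained CFG: keys are (transfer site, kind), values are the
# targets allowed for that exact site. Labels are made-up, not real addresses.
FINE_CFG = {
    # Forward edge: the indirect call in 'dispatch' may reach only two handlers.
    ("dispatch+0x10", "call"): {"handler_a", "handler_b"},
    # Backward edges: each handler may return only to the site that called it.
    ("handler_a+ret", "ret"): {"dispatch+0x14"},
    ("handler_b+ret", "ret"): {"dispatch+0x14"},
}

# Constructed sets a coarse-grained policy would use: any function entry is a
# valid call target, any call-site successor is a valid return target.
FUNCTION_ENTRIES = {"dispatch", "handler_a", "handler_b", "system_wrapper"}
RETURN_SITES = {"dispatch+0x14", "main+0x20"}


def fine_grained_ok(site, kind, target):
    """Site-specific check: only edges present in the CFG are accepted."""
    return target in FINE_CFG.get((site, kind), set())


def coarse_grained_ok(site, kind, target):
    """Type-level check: target only has to be 'a function' or 'a return site'."""
    allowed = FUNCTION_ENTRIES if kind == "call" else RETURN_SITES
    return target in allowed


def check_trace(trace, policy):
    """Return the first transfer (site, kind, target) the policy rejects, else None."""
    for site, kind, target in trace:
        if not policy(site, kind, target):
            return (site, kind, target)
    return None


# Constructed traces: a legitimate run, and a run whose corrupted return address
# lands on a return site that handler_b never legitimately returns to.
BENIGN_TRACE = [
    ("dispatch+0x10", "call", "handler_a"),
    ("handler_a+ret", "ret", "dispatch+0x14"),
]
HIJACKED_TRACE = [
    ("dispatch+0x10", "call", "handler_b"),
    ("handler_b+ret", "ret", "main+0x20"),
]
```

Running both policies over `HIJACKED_TRACE` shows why the paper targets fine-grained protection: the coarse policy accepts the diverted return because `main+0x20` is some valid return site, while the CFG-based policy rejects it at the first bad edge.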

Implications

  • Advancing RISC-V Security: By using a RISC-V SoC as the common platform, this work directly contributes to developing robust, standardized hardware security solutions for the RISC-V ecosystem. It provides critical data points for engineers designing future security extensions.
  • Standardizing CFI Metrics: The paper establishes a concrete baseline for evaluating hardware CFI, offering a standardized testbed (RISC-V/FPGA platform with 40 benchmarks) that future CFI researchers can adopt, enabling more accurate comparisons across academia and industry.
  • Practicality of Hardware Security: The demonstration of an enhanced CFI scheme achieving integrity with minimal overhead proves that strong control flow protection is feasible and practical for resource-constrained embedded or high-performance systems.
  • Mitigation of Code-Reuse Attacks: The findings help accelerate the adoption of effective hardware countermeasures against one of the most serious classes of software exploitation techniques (code-reuse attacks).