CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation
Intel control-flow enforcement technology (CET) is a new hardware feature available in recent Intel processors. It supports the coarse-grained control-flow integrity for software to defeat memory corruption attacks. In this paper, we retrofit CET, particularly the write-protected shadow pages of CET used for implementing shadow stacks, to develop a generic and efficient intra-process memory isolation mechanism, dubbed CETIS. To provide user-friendly interfaces, a CETIS framework was developed, which provides memory file abstraction for the isolated memory regions and a set of APIs to access said regions. CETIS also comes with a compiler-assisted tool chain for users to build secure applications easily. The practicality of using CETIS to protect CPI, CFIXX, and JIT-compilers was demonstrated, and the evaluation reveals that CETIS is performed better than state-of-the-art intra-memory isolation mechanisms, such as MPK.
Cited Times [WOS]:0
|Document Type||Conference paper|
|Department||Research Institute of Trustworthy Autonomous Systems|
1.Sklp,Institute of Computing Technology,Cas,University of Chinese Academy of Sciences,Beijing,China
3.Department of Computer Science and Engineering,SUSTech Research Institute of Trustworthy Autonomous Systems,SUSTech,Shenzhen,China
4.Sklp,Institute of Computing Technology,Cas,Beijing,China
Xie，Mengyao,Wu，Chenggang,Zhang，Yinqian,et al. CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process Memory Isolation[C],2022:2989-3002.
|Files in This Item:||There are no files associated with this item.|
|Recommend this item|
|Export to Endnote|
|Export to Excel|
|Export to Csv|
|Similar articles in Google Scholar|
|Similar articles in Baidu Scholar|
|Similar articles in Bing Scholar|
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.