TMDFI: Tagged Memory Assisted for Fine-Grained Data-Flow Integrity Towards Embedded Systems Against Software Exploitation

2018 
Memory corruption vulnerabilities are a main cause of many modern software attacks. Classical data-flow integrity (DFI), originally implemented purely in software, is effective against memory corruption attacks, particularly the recently proposed data-oriented programming attacks. However, it introduces high space and time overheads. To address these limitations of DFI, in this paper we present tagged-memory-supported data-flow integrity, TMDFI, a hardware data-flow integrity implementation that enables fine-grained DFI checks with reduced time and space overheads. Our hardware DFI proposal is based on lowRISC, an existing open-source tagged memory architecture targeting a RISC-V core. The tag fields are enlarged and used to hold the identifiers for run-time DFI enforcement. We modified the lowRISC architecture by adding a new instruction that checks multiple tags simultaneously and by changing some native tag manipulation features. We tested our prototype on an RTL emulator. The results show that the run-time overhead of full inter-procedural DFI enforcement drops from 104% to 39% and the space overhead shrinks from 50% to 12.5%.
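The DFI check the abstract describes can be modelled in software as follows. This is an added example, not code from the paper or from lowRISC: the 8-bit tag width, the names `dfi_store`, `dfi_load` and `dfi_demo`, and the constructed two-word scenario are all assumptions, and the sequential loop stands in for the hardware instruction that checks multiple tags at once.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define WORDS 8

/* Simulated tagged memory: every data word has a tag holding the identifier
   of the store instruction that last wrote it (8-bit width is an assumption). */
static uint64_t mem[WORDS];
static uint8_t  tag[WORDS];

/* Instrumented store: write the data and record the writer's identifier. */
static void dfi_store(size_t addr, uint64_t val, uint8_t store_id) {
    mem[addr] = val;
    tag[addr] = store_id;
}

/* Instrumented load: the word's tag must be one of the store identifiers that
   static analysis determined may legitimately reach this load.
   Returns 0 and fills *out on success, -1 on a DFI violation.
   Hardware would compare against the allowed tags in one instruction;
   this loop is a sequential software stand-in. */
static int dfi_load(size_t addr, const uint8_t *allowed, size_t n,
                    uint64_t *out) {
    for (size_t i = 0; i < n; i++) {
        if (tag[addr] == allowed[i]) {
            *out = mem[addr];
            return 0;
        }
    }
    return -1;
}

/* Constructed scenario: word 0 is a one-word buffer written by store #2,
   word 1 is a privilege flag whose only legitimate writer is store #1.
   With overflow != 0, store #2 writes one word past the buffer. */
int dfi_demo(int overflow) {
    static const uint8_t flag_writers[] = { 1 };  /* reaching-definition set */
    uint64_t v;
    memset(mem, 0, sizeof mem);
    memset(tag, 0, sizeof tag);
    dfi_store(1, 0, 1);            /* store #1: flag = 0 */
    dfi_store(0, 0x41, 2);         /* store #2: buf[0] = 'A' */
    if (overflow)
        dfi_store(1, 1, 2);        /* store #2 lands on the flag word */
    return dfi_load(1, flag_writers, 1, &v);  /* load of the flag */
}
```

The corrupted flag is rejected at the load because its tag names a store outside the load's allowed set, even though the stored value itself looks valid.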