Fault attacks enable adversaries to manipulate the control flow of security-critical applications. By inducing targeted faults into the CPU, the software's call graph can be escaped and the control flow redirected to arbitrary functions inside the program. To protect the control flow from these attacks, dedicated fault control-flow integrity (CFI) countermeasures are commonly deployed. However, these schemes either have high detection latencies or require intrusive hardware changes. In this paper, we present EC-CFI, a software-based, cryptographically enforced CFI scheme with no detection latency that utilizes hardware features of recent Intel platforms. Our EC-CFI prototype is designed to prevent an adversary from escaping the program's call graph using faults by encrypting each function with a different key before execution. At runtime, the instrumented program dynamically derives the decryption key, ensuring that the code can only be successfully decrypted when the program follows the intended call graph. To enable this level of protection on Intel commodity systems, we introduce extended page table (EPT) aliasing, which allows us to achieve function-granular encryption by combining Intel's TME-MK and virtualization technology. We open-source our custom LLVM-based toolchain, which automatically protects arbitrary programs with EC-CFI. Furthermore, we evaluate our EPT aliasing approach with the SPEC CPU2017 and Embench-IoT benchmarks, and we discuss and evaluate potential TME-MK hardware changes that minimize runtime overheads.
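As an added illustrative model (not the paper's construction or its released toolchain), the following Python sketches the mechanism the abstract describes: every function is encrypted under its own key at build time, instrumented call sites derive the callee's key from a running key register, and a fault that diverts control flow to a function outside the call graph leaves the register holding the wrong key, so decryption fails before any diverted code executes. The XOR-patch key derivation, the HMAC-based cipher standing in for TME-MK, and the sample program are assumptions of this model.

```python
import hashlib, hmac, os

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()
def keystream(key: bytes, n: int) -> bytes:
    return b"".join(prf(key, b"ks" + i.to_bytes(4, "big")) for i in range((n + 31) // 32))[:n]

def seal(key: bytes, code: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for the memory encryption engine; each key encrypts one function once."""
    ct = xor(code, keystream(key, len(code)))
    return ct + prf(key, b"tag" + ct)

def unseal(key: bytes, blob: bytes) -> bytes:
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"tag" + ct)):
        raise ValueError("decryption failed: control flow left the call graph")
    return xor(ct, keystream(key, len(ct)))

class ECCFIProgram:
    def __init__(self, functions: dict, edges: set, entry: str):
        master = os.urandom(32)
        self.keys = {f: prf(master, f.encode()) for f in functions}
        # build time: every function is encrypted under its own key
        self.image = {f: seal(self.keys[f], code) for f, code in functions.items()}
        # one patch value per legal call edge: caller key XOR patch == callee key
        self.patch = {(a, b): xor(self.keys[a], self.keys[b]) for a, b in edges}
        self.state = self.keys[entry]  # key register starts with the entry function's key

    def call(self, caller: str, callee: str, reached: str = None) -> bytes:
        """Call site: derive the intended callee's key, then decrypt the function actually reached."""
        self.state = xor(self.state, self.patch[(caller, callee)])
        return unseal(self.state, self.image[reached or callee])  # reached != callee models a fault

    def ret(self, callee: str, caller: str) -> None:
        self.state = xor(self.state, self.patch[(caller, callee)])  # back to the caller's key

# Constructed sample: byte strings stand in for machine code; legal call graph is main -> verify -> handler.
FUNCTIONS = {"main": b"\x55\x48\x89\xe5", "verify": b"\x31\xc0\xc3", "handler": b"\x48\x31\xff\xc3"}
EDGES = {("main", "verify"), ("verify", "handler")}

def demo():
    prog = ECCFIProgram(FUNCTIONS, EDGES, "main")
    legit = prog.call("main", "verify") == FUNCTIONS["verify"]  # intended edge decrypts correctly
    prog.ret("verify", "main")
    try:  # fault model: the call site targeted verify, but execution lands in handler
        prog.call("main", "verify", reached="handler")
        return legit, False
    except ValueError:  # wrong key: decryption fails before any of handler's code runs
        return legit, True
```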