Skip to Main content Skip to Navigation

Protections des processeurs contre les cyber-attaques par vérification de l’intégrité du flot d’exécution

Abstract : Cyber attacks are based on intrusions into digital systems by exploiting bugs to take control over the system. Many protections have been developed to thwart cyber attack, among them we can quote code obfuscation, memory integrity check, instruction set randomization, address space layout randomization (ASLR), canary, sand boxing, process isolation, virtualization and access right restriction. Modern processors provide security by zone isolation systems (Protection ring, MMU, NX bit, TrustZone), Control Flow Integrity (CFI) is a new technique proposed by Abadi et al. to mitigate program corruption. This technique gave rise to many implementations but none are complete, fast and easily incorporable to existing processor. This thesis is inspired from previous work on HCODE which implements code integrity by computing signature for each executed basic block. HCODE is an hardware block designed to be plugged in read only on the interface between the processor and the instruction cache. In this thesis we present CCFI solution, improvement of HCODE, which is now able to provide Code Integrity and Control Flow Integrity. We propose CCFI architecture able to protect direct and indirect jumps as well as interruptions. The proposed solution is based on both hardware modules and software modifications to ensure speed and flexibility of the solution. To ensure a full CFI protection metadata are embedded with the code. These metadata describes the Control Flow Graph
Complete list of metadata
Contributor : Abes Star :  Contact
Submitted on : Tuesday, December 15, 2020 - 12:06:07 PM
Last modification on : Thursday, December 17, 2020 - 3:08:03 AM
Long-term archiving on: : Tuesday, March 16, 2021 - 7:22:11 PM


Version validated by the jury (STAR)


  • HAL Id : tel-03066435, version 1



Michaël Timbert. Protections des processeurs contre les cyber-attaques par vérification de l’intégrité du flot d’exécution. Cryptographie et sécurité [cs.CR]. Institut Polytechnique de Paris, 2020. Français. ⟨NNT : 2020IPPAT028⟩. ⟨tel-03066435⟩



Record views


Files downloads