Lessons Learned and Challenges of Deploying Control Flow Integrity in Complex Software: the Case of OpenJDK's Java Virtual Machine

Bibliographic Details
Published in: 2024 IEEE Secure Development Conference (SecDev), pp. 153-165
Main Authors: Houy, Sabine; Bartel, Alexandre
Format: Conference Proceeding
Language: English
Published: IEEE, 07.10.2024
DOI: 10.1109/SecDev61143.2024.00020

Summary: This research explores integrating LLVM's Control Flow Integrity (CFI) into the OpenJDK Java Virtual Machine (JVM) to mitigate memory corruption vulnerabilities. We present a manual approach to CFI integration that offers a solution applicable to various real-world projects. Using the DaCapo benchmark suite, we conduct a thorough performance evaluation of the CFI-integrated JVM version. Our work reveals that introducing CFI results in an average performance overhead of approximately 11.5% and a 34% increase in binary size. Remarkably, we identify specific CFI subcategories that, when implemented individually, induce performance improvements for the JVM. This finding highlights CFI's potential to enhance security and performance in Java and general applications. Our research advances the understanding of CFI integration in complex software such as the JVM, shedding light on the challenges and opportunities in securing software systems against memory corruption attacks.