VCFI: Visible control flow integrity for cloud tenants

Yuan Li, Chao Zhang, Xiapu Luo

Research output: Chapter in book / Conference proceedingConference article published in proceeding or bookAcademic researchpeer-review


Cloud-based applications are facing two types of threats: (1) cloud administrators or external attackers that have compromised the cloud platform could inspect or overwrite cloudbased applications' data, or even tamper with their executions, and (2) external attackers could attack the services exposed to the public. These threats stop users from deploying critical services to the cloud. The emerging Intel SGX technology[3][4] provides a trusted execution environment for applications. We could eliminate the first type of threat by simply placing critical services into SGX enclaves, which ensure the integrity and confidentiality of the services. However, the second threat remains. Even if the tenants' code is placed in SGX enclave, it could be exploited by attackers to launch malicious actions, if there are vulnerabilities in the code. Control flow hijacking is one of the most typical exploits. It hijacks vulnerable programs' control flow by exploiting their vulnerabilities, redirects them to execute malicious code on victim computer system. The state-of-The-Art defenses against this threat are control flow integrity solutions[1], which in general enforce indirect control transfer instructions in applications to only jump to legitimate targets. However, such solutions depend on operating systems' reliability, which is questionable especially in the cloud. For example, C-FLAT[2] measures target applications' execution in a secure world, i.e., ARM TrustZone, and verify its control flow integrity. However, the measurement is performed at each control transfer, introducing a high overhead. Moreover, the verification could be bypassed if attackers feed false data to the measurement engine. Control flow integrity itself is not good enough for end users. In the cloud environment, it is also imperative to provide visible security enforcements to cloud tenants. For example, remote users may require an interface to query and check the internal execution status of their applications. In this paper, we propose a defense solution vCFI based on SGX, providing visible control flow integrity to cloud applications for cloud tenants.
Original languageEnglish
Title of host publicationSysTEX 2017 - 2nd Workshop on System Software for Trusted Execution, Colocated with ACM SOSP 2017
PublisherAssociation for Computing Machinery, Inc
ISBN (Electronic)9781450350976
Publication statusPublished - 28 Oct 2017
Event2nd Workshop on System Software for Trusted Execution, SysTex 207 - Shanghai, China
Duration: 28 Oct 2017 → …


Conference2nd Workshop on System Software for Trusted Execution, SysTex 207
Period28/10/17 → …


  • Attestation
  • Cloud
  • Control flow integrity
  • Intel SGX

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

Cite this