Ziwei Ye scite author profile

CCFIR (Compact Control Flow Integrity and Randomization) has low performance overhead as an exploit mitigation, but it is hard to mitigate exploits by hijacking virtual function pointer, which are emerging in recent years. Because of the polymorphism of virtual functions, CCFIR can't determine a unique spring board stub.We propose a new practical protection method named SDCFI (Static-Dynamic Control Flow Integrity), whose goal is to protect virtual function pointers from hijacking. Taking advantage of static analysis result of IDA and PIN dynamic instrumentation, SDCFI improves the accuracy of the disassembly and identifies indirect call target addresses at runtime. We observe that there are always double 0x90 bytes for alignment in the gap between two functions, which can be substituted by a two-byte checkmark. Using the checkmark, SDCFI can validate a target more simply and faster than traditional CFI. Based on these approaches, SDCFI can prevent control-flow hijacking attacks including ROP, because the gadgets of stack pivot can't pass the validation.We evaluate our prototype implementation for Internet Explorer8 browser on Windows XP, which faces serious security threats since April 8, 2014. SDCFI protects most indirect call instructions in msthml.dll, and has low runtime overhead of 1.48% on average. Experiments on real-world exploits for IE8 browser also show that SDCFI can effectively mitigate exploits by hijacking virtual function pointer.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Ziwei Ye

Zero-Day Vulnerability Risk Assessment and Attack Path Analysis Using Security Metric

Static-Dynamic Control Flow Integrity

Contact Info

Product

Resources

About