Proceedings 2018 Network and Distributed System Security Symposium 2018
DOI: 10.14722/ndss.2018.23279

CFIXX: Object Type Integrity for C++

Abstract: C++ relies on object type information for dynamic dispatch and casting. The association of type information to an object is implemented via the virtual table pointer, which is stored in the object itself. As C++ has neither memory nor type safety, adversaries may therefore overwrite an object's type. If the corrupted type is used for dynamic dispatch, the attacker has hijacked the application's control flow. This vulnerability is widespread and commonly exploited. Firefox, Chrome, and other major C++ applicati…

Cited by 26 publications (30 citation statements)
References 21 publications
“…The Intel ISA extension Memory Protection Extension (MPX) provides a hardware mechanism that can be used to implement segmentation [42] in a flexible manner. MPX provides a bounds checking mechanism, with four new 128 bit registers to store the bounds, and two new primitives to perform the upper and lower bounds checks.…”
Section: B Code Centric Solutions (mentioning)
confidence: 99%
“…Safe stacks have significant compatibility problems, particularly with unprotected code and without full program analysis the conservative analysis ends up allocating a large number of unsafe stack frames, resulting in unnecessary overhead. CFIXX [42] provides object type integrity by protecting the virtual table pointers of C++ objects, thereby precisely protecting virtual dispatch.…”
Section: Related Work (mentioning)
confidence: 99%
“…The second are attacks targeting the virtual table pointer such as COOP style attacks [78]. These however are an orthogonal problem to stack safety and may be protected through, e.g., OTI [79].…”
Section: Appendix B Miscellaneous (mentioning)
confidence: 99%
“…Data flow integrity is another technique which prevents invalid read and writes operation by calculating a valid data flow graph at compile time. Object Type Integrity (Burow et al 2018) is [Fig. 17: The second method of initializing arrays] designed to protect the programs written in C++ as an orthogonal policy as CFI.…”
Section: Exploit Mitigations (mentioning)
confidence: 99%