Code-pointer integrity

Kuznetzov, Volodymyr; Szekeres, László; Payer, Mathias; Candea, George; Sekar, R.; Song, Dawn

doi:10.1145/3129743.3129748

Cited by 171 publications

(280 citation statements)

References 0 publications

Supporting

Mentioning

279

Contrasting

Order By: Relevance

“…After a deep rethought on randomization mechanism, security exports proposed two defense mechanisms: Lifetime Randomization [33] and Code Pointer Integrity (CPI) [34]. The so-called Lifetime Randomization, is based on the fine-grained Randomization, additionally the running process can continuously change the order of inner instructions in its memory space which to ensure that the leaked code location information is invalid at the time of Control Flow Hijacking.…”

Section: Address Space Layout Randomizationmentioning

confidence: 99%

Eternal War in Software Security: A Survey of Control Flow Protection

Tang¹,

Ying²,

Wang³

et al. 2017

Proceedings of the 2016 7th International Conference on Education, Management, Computer and Medicine (EMCM 2016)

View full text Add to dashboard Cite

Abstract. Software security is the cornerstone of computer system security. Among all the elements consisting of software security, control flow protection is undoubtedly the most important one. Once the process's control flow is hijacked, attacker can manipulate it to implement a variety of malicious acts and break through other protection mechanisms which ultimately lead to the control of the entire system. This paper will present a series of offensive and defensive technologies about Control Flow Protection which have been developed in the past three decades. The paper will elaborate the causes of their emergence, explain the principle of their implement, and compare the security and performance of their method. Additionally, it will introduce some other technologies applied in the progress of attack and mitigation, such as program analysis, virtual memory management, machine learning and so on. Through those above illustration and analysis, the paper summarizes three primary suggestions which not only can enlighten security engineers on the design of new methods, but also can help general developers to estimate their software's robustness, practicability and performance.

show abstract

Section: Address Space Layout Randomizationmentioning

confidence: 99%

Eternal War in Software Security: A Survey of Control Flow Protection

Tang¹,

Ying²,

Wang³

et al. 2017

Proceedings of the 2016 7th International Conference on Education, Management, Computer and Medicine (EMCM 2016)

View full text Add to dashboard Cite

show abstract

“…SFI achieves this by sandboxing all memory-writes by untrusted modules (e.g., [37,61]). CFI leverages control-flow guards to enforce atomic blocks that guard memory-writes (e.g., [20,34,41]). …”

Section: Trust Modelmentioning

confidence: 99%

“…OVT-IVT [6] improves performance by reorganizing vtables to permit quick validation as a simple bounds check. CPI [34] heuristically derives a set of sensitive pointers, and guards their integrity to prevent control-flow hijacking. CPS [34] optimizes CPI to improve overheads for programs with many virtual functions by instrumenting only code pointers, but at the expense of less security for vtable pointers exploited by confused deputy attacks.…”

Section: Vtable Protectionmentioning

confidence: 99%

Object Flow Integrity

Wang

Xiaoyang

Hamlen

2017

Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Object flow integrity (OFI) augments control-flow integrity (CFI) and software fault isolation (SFI) protections with secure, first-class support for binary object exchange across inter-module trust boundaries. This extends both source-aware and source-free CFI and SFI technologies to a large class of previously unsupported software: those containing immutable system modules with large, objectoriented APIs-which are particularly common in component-based, event-driven consumer software. It also helps to protect these intermodule object exchanges against confused deputy-assisted vtable corruption and counterfeit object-oriented programming attacks.A prototype implementation for Microsoft Component Object Model demonstrates that OFI is scalable to large interfaces on the order of tens of thousands of methods, and exhibits low overheads of under 1% for some common-case applications. Significant elements of the implementation are synthesized automatically through a principled design inspired by type-based contracts.

show abstract

“…The most recent contribution to this domain is CodePointer Integrity (CPI) [36]. With CPI, Kuznetsov et al isolate all sensitive pointers, which are defined recursively as code pointers and pointers to sensitive pointers.…”

Section: Custom Code Analysis and Code Generationmentioning

confidence: 99%

Cloning Your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution

Volckaert

Coppens

SutterMember

2016

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

Abstract-In this paper, we present Disjoint Code Layouts (DCL), a technique that complements Multi-Variant Execution [1] and W⊕X protection to effectively immunize programs against control flow hijacking exploits such as Return Oriented Programming (ROP) [2] and return-to-libc attacks [3]. DCL improves upon Address Space Partitioning (ASP), an earlier technique presented to defeat memory exploits. Unlike ASP, our solution keeps the full virtual address space available to the protected program. Additionally, our combination of DCL with Multi-Variant Execution is transparent to both the user and the programmer and incurs much less overhead than other ROP defense tools, both in terms of run time and memory footprint.

show abstract

Code-pointer integrity

Cited by 171 publications

References 0 publications

Eternal War in Software Security: A Survey of Control Flow Protection

Eternal War in Software Security: A Survey of Control Flow Protection

Object Flow Integrity

Cloning Your Gadgets: Complete ROP Attack Immunity with Multi-Variant Execution

Contact Info

Product

Resources

About