Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security 2015
DOI: 10.1145/2810103.2813646

Control Jujutsu

Abstract: Control flow integrity (CFI) has been proposed as an approach to defend against control-hijacking memory corruption attacks. CFI works by assigning tags to indirect branch targets statically and checking them at runtime. Coarse-grained enforcements of CFI that use a small number of tags to improve the performance overhead have been shown to be ineffective. As a result, a number of recent efforts have focused on fine-grained enforcement of CFI as it was originally proposed. In this work, we show that even a fin…

Cited by 134 publications (16 citation statements)
References 48 publications
“…In this article, we assume software that has memory-corruption vulnerabilities (aligned with similar research [48,57,65,70]), which may be transformed to powerful read and write primitives [73]. The particular software that we are interested in comes in the form of a mixed binary.…”
Section: Threat Model
confidence: 99%
“…Typically, these memory addresses contain control data and the primitives are granted by abusing spatial or temporal safety [73]. Notice that several papers have employed similar bug functions [48,57,65,70] to demonstrate their attacks.…”
Section: Control-flow Integrity
confidence: 99%
“…For instance, if arguments are overwritten directly, then that is considered a data-only attack, as it did not require invading the control flow for such an operation; but if the overwritten data is non-control data, then it has affected the control flow. CFB implements a fully-precise static CFG, which can be undecidable [16]. CFB also violates certain functions at a high level, and execution of such functions is likely to alter the return address and corrupt the control flow [29].…”
Section: Control-flow Bending: On the Effectiveness of CFI (CFB)
confidence: 99%
“…Besides that, Kernel CFI is able to build a minimal challenge to defend against ROP-based attacks [33]. Table 3 also shows that IFCC is unable to mitigate control-flow exploitation and can be bypassed by a control-flow attack [16]. Though CFB enhances strong CFI enforcement by imposing a shadow stack.…”
Section: Software-based CFI
confidence: 99%
“…This attack [17] doesn't aim to create indirections inside the program in a way that gives the attacker Turing-complete capabilities; instead, it shows that programs usually have calls for which corrupting them alone is enough to achieve what is desired. The paper proposes an attack on an Apache server protected by CFI which only corrupts one edge from a log function to make a system call that invokes a command shell for the attacker.…”
Section: Control-flow Jujutsu
confidence: 99%