Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory

Muench, Marius; Pagani, Fabio; Shoshitaishvili, Yan; Kruegel, Christopher; Vigna, Giovanni; Balzarotti, Davide

doi:10.1007/978-3-319-45719-2_2

Cited by 10 publications

(11 citation statements)

References 35 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is able to defend against various types of attacks whose primary intention is to redirect the execution flow elsewhere. Many CFI techniques [41][42][43][44][45][46][47][48] were proposed over the past few years. However, they were not fully adopted due to practical challenges and significant limitations.…”

Section: Classification Of Cfi Techniquesmentioning

confidence: 99%

“…Fine-grained CFI is referred to as the strict type CFI [48]. Labeling is one of the most usual approaches to implement fine-grained CFI.…”

Section: Fine-grained Cfimentioning

confidence: 99%

“…Coarse-grained CFI is referred to as loose CFI [48]. Coarse CFI distinguishes indirect branch instructions by their classification and imposes policies on each type.…”

Section: Coarse-grained Cfimentioning

confidence: 99%

“…Carlini et al [45] demonstrate that coarse-grained CFI is not protective enough to defend against small or even simple applications. However, Muench et al [48] and Davi et al [50] argue that compare to fine-grained CFI approach; the coarse-grained enforcement method is enough to protect against CRA.…”

Section: Coarse-grained Cfimentioning

confidence: 99%

See 3 more Smart Citations

Control-Flow Integrity: Attacks and Protections

et al. 2019

View full text Add to dashboard Cite

Despite the intense efforts to prevent programmers from writing code with memory errors, memory corruption vulnerabilities are still a major security threat. Consequently, control-flow integrity has received significant attention in the research community, and software developers to combat control code execution attacks in the presence of type of faults. Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques, including code reuse attacks, return-to-user, return-to-libc, and replay attacks. We also classify these techniques based on their security, robustness, and implementation complexity. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. We conclude that the performance overhead introduced, jointly with the partial attack coverage, is discouraging the industry from adopting most of them.

show abstract

Section: Classification Of Cfi Techniquesmentioning

confidence: 99%

“…Fine-grained CFI is referred to as the strict type CFI [48]. Labeling is one of the most usual approaches to implement fine-grained CFI.…”

Section: Fine-grained Cfimentioning

confidence: 99%

“…Coarse-grained CFI is referred to as loose CFI [48]. Coarse CFI distinguishes indirect branch instructions by their classification and imposes policies on each type.…”

Section: Coarse-grained Cfimentioning

confidence: 99%

Section: Coarse-grained Cfimentioning

confidence: 99%

See 2 more Smart Citations

Control-Flow Integrity: Attacks and Protections

et al. 2019

View full text Add to dashboard Cite

show abstract

“…To evaluate the effect of our approach on native code applications, we compile different libc versions as an applicationspecific software stack. Unfortunately, the most common implementation glibc is written in GNU C, an extension of the C programming language which is not supported by LLVM [27]. Therefore, we resort to two other popular libc implementations: musl-libc (1.1.18) and uClibc (0.9.34).…”

Section: A Librariesmentioning

confidence: 99%

Towards Automated Application-Specific Software Stacks

Davidsson

Pawlowski

Holz

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Software complexity has increased over the years. One common way to tackle this complexity during development is to encapsulate features into a shared library. This allows developers to reuse already implemented features instead of reimplementing them over and over again. However, not all features provided by a shared library are actually used by an application. As a result, an application using shared libraries loads unused code into memory, which an attacker can use to perform code-reuse and similar types of attacks. The same holds for applications written in a scripting language such as PHP or Ruby: The interpreter typically offers much more functionality than is actually required by the application and hence provides a larger overall attack surface.In this paper, we tackle this problem and propose a first step towards automated application-specific software stacks. We present a compiler extension capable of removing unneeded code from shared libraries and-with the help of domain knowledgealso capable of removing unused functionalities from an interpreter's code base during the compilation process. Our evaluation against a diverse set of real-world applications, among others Nginx, Lighttpd, and the PHP interpreter, removes on average 71.3% of the code in musl-libc, a popular libc implementation. The evaluation on web applications show that a tailored PHP interpreter can mitigate entire vulnerability classes, as is the case for OpenConf. We demonstrate the applicability of our debloating approach by creating an application-specific software stack for a Wordpress web application: we tailor the libc library to the Nginx web server and PHP interpreter, whereas the PHP interpreter is tailored to the Wordpress web application. In this real-world scenario, the code of the libc is decreased by 65.1% in total, thereby reducing the available code for code-reuse attacks.

show abstract

On the Effectiveness of Control-Flow Integrity Against Modern Attack Techniques

Sayeed

Marco-Gisbert

2019

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Memory error vulnerabilities are still widely exploited by attackers despite the various protections developed. Attackers have adopted new strategies to successfully exploit well-known memory errors bypassing mature protection techniques such us the NX, SSP, and ASLR. Those attacks compromise the execution flow to gain control over the target successfully. Control-flow Integrity (CFI) is a protection technique that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running program cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques including code reuse attacks, return-to-user, return-to-libc and replay attacks. Surveys are conducted to classify those 14 CFI techniques based on the security robustness and implementation feasibility. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. Moreover, we show that the overhead and implementation requirement make some CFI techniques impractical. We conclude that the effort required to have those techniques in real systems, the high overhead, and also the partial attack coverage is discouraging the industry from adopting CFI protections.

show abstract

Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory

Cited by 10 publications

References 35 publications

Control-Flow Integrity: Attacks and Protections

Control-Flow Integrity: Attacks and Protections

Towards Automated Application-Specific Software Stacks

On the Effectiveness of Control-Flow Integrity Against Modern Attack Techniques

Contact Info

Product

Resources

About