Proceedings 2016 Network and Distributed System Security Symposium 2016
DOI: 10.14722/ndss.2016.23164
|View full text |Cite
|
Sign up to set email alerts
|

VTrust: Regaining Trust on Virtual Calls

Abstract: Abstract-Virtual function calls are one of the most popular control-flow hijack attack targets. Compilers use a virtual function pointer table, called a VTable, to dynamically dispatch virtual function calls. These VTables are read-only, but pointers to them are not. VTable pointers reside in objects that are writable, allowing attackers to overwrite them. As a result, attackers can divert the control-flow of virtual function calls and launch VTable hijacking attacks. Researchers have proposed several solution… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

1
52
0

Year Published

2016
2016
2023
2023

Publication Types

Select...
4
3
2

Relationship

1
8

Authors

Journals

citations
Cited by 51 publications
(53 citation statements)
references
References 30 publications
1
52
0
Order By: Relevance
“…CFI mechanisms work by using static analysis to create an over approximation of the control-flow graph (CFG), and then enforce at runtime that all transitions must be within the statically computed CFG. After the initial proposal, follow on research has removed the need for whole program analysis [57], [58], and specialized CFI to use additional information in C++ programs when protecting virtual calls [59], [60]. To improve the precision of the CFG construction underlying CFI, more advanced static analysis techniques have been proposed [61].…”
Section: Related Workmentioning
confidence: 99%
“…CFI mechanisms work by using static analysis to create an over approximation of the control-flow graph (CFG), and then enforce at runtime that all transitions must be within the statically computed CFG. After the initial proposal, follow on research has removed the need for whole program analysis [57], [58], and specialized CFI to use additional information in C++ programs when protecting virtual calls [59], [60]. To improve the precision of the CFG construction underlying CFI, more advanced static analysis techniques have been proposed [61].…”
Section: Related Workmentioning
confidence: 99%
“…There are numbers of defense methods that have been proposed since the attack was presented. VTrust [27] guarantees that virtual function call site invokes virtual functions with the same name and argument type list and a compatible class relationship, so that attacks cannot use random functions of the program's vtables. TypeArmor [28] provides a binary protection mechanism, which uses use-def analysis at callees and function parameters as constraints to decrease the target functions of the indirect call site.…”
Section: Code Reuse Attacksmentioning
confidence: 99%
“…Several new defense techniques aiming at protecting functions are presented immediately as countermeasures. For example, VTrust [27] and TypeArmor [28] protect the program against COOP attack by guaranteeing that the callee of every call site is legitimate. Both function pointers and virtual function calls are vulnerable indirect function calls inducing forward control-flow transfer that may be exploited to launch a code reuse attack.…”
Section: Related Workmentioning
confidence: 99%
“…We compare HCIC with recent methods [33] [55]. Security and practicality are two most important metrics to evaluate current CRA defenses.…”
Section: F Comparison Of Security and Practicalitymentioning
confidence: 99%