
2021 | OriginalPaper | Chapter

4. Control-Flow Carrying Code


Abstract

In the previous chapter, we introduced an approach to generating a more accurate CFG by making use of function signature matching; in this chapter, we show how to implement the CFI policy securely.

Metadata

Title: Control-Flow Carrying Code
Author: Yan Lin
Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-73141-0_4
