
Control-Flow Integrity: Attacks and Protections

RiuNet: Institutional repository of the Polytechnic University of Valencia


Sayeed, S.; Marco-Gisbert, H.; Ripoll-Ripoll, I.; Birch, M. (2019). Control-Flow Integrity: Attacks and Protections. Applied Sciences. 9(20):1-22. https://doi.org/10.3390/app9204229

Please use this identifier to cite or link to this item: http://hdl.handle.net/10251/144803

Item Metadata

Title: Control-Flow Integrity: Attacks and Protections
Author: Sayeed, Sarwar; Marco-Gisbert, Héctor; Ripoll-Ripoll, Ismael; Birch, Miriam
UPV Unit: Universitat Politècnica de València. Departamento de Informática de Sistemas y Computadores - Departament d'Informàtica de Sistemes i Computadors
Issued date:
Abstract: [EN] Despite the intense efforts to prevent programmers from writing code with memory errors, memory corruption vulnerabilities are still a major security threat. Consequently, control-flow integrity has received significant ...
Subjects: CFI protections, CFI attacks, Memory errors, Security, Exploitation
Copyrights: Attribution (by)
Source: Applied Sciences (eISSN: 2076-3417)
DOI: 10.3390/app9204229
Publisher: MDPI AG
Publisher version: https://doi.org/10.3390/app9204229
Type: Article

