
Control-Flow Integrity: Attacks and Protections

RiuNet: Institutional repository of the Polytechnic University of Valencia


dc.contributor.author Sayeed, Sarwar es_ES
dc.contributor.author Marco-Gisbert, Héctor es_ES
dc.contributor.author Ripoll-Ripoll, Ismael es_ES
dc.contributor.author Birch, Miriam es_ES
dc.date.accessioned 2020-06-02T05:36:45Z
dc.date.available 2020-06-02T05:36:45Z
dc.date.issued 2019-10-10 es_ES
dc.identifier.uri http://hdl.handle.net/10251/144803
dc.description.abstract [EN] Despite the intense efforts to prevent programmers from writing code with memory errors, memory corruption vulnerabilities are still a major security threat. Consequently, control-flow integrity has received significant attention from the research community and from software developers as a way to combat control-flow and code execution attacks in the presence of this type of fault. Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques, including code reuse attacks, return-to-user, return-to-libc, and replay attacks. We also classify these techniques based on their security, robustness, and implementation complexity. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. We conclude that the performance overhead introduced, jointly with the partial attack coverage, is discouraging the industry from adopting most of them. es_ES
dc.language English es_ES
dc.publisher MDPI AG es_ES
dc.relation.ispartof Applied Sciences es_ES
dc.rights Attribution (by) es_ES
dc.subject CFI protections es_ES
dc.subject CFI attacks es_ES
dc.subject Memory errors es_ES
dc.subject Security es_ES
dc.subject Exploitation es_ES
dc.subject.classification COMPUTER ARCHITECTURE AND TECHNOLOGY es_ES
dc.title Control-Flow Integrity: Attacks and Protections es_ES
dc.type Article es_ES
dc.identifier.doi 10.3390/app9204229 es_ES
dc.rights.accessRights Open es_ES
dc.contributor.affiliation Universitat Politècnica de València. Departamento de Informática de Sistemas y Computadores - Departament d'Informàtica de Sistemes i Computadors es_ES
dc.description.bibliographicCitation Sayeed, S.; Marco-Gisbert, H.; Ripoll-Ripoll, I.; Birch, M. (2019). Control-Flow Integrity: Attacks and Protections. Applied Sciences. 9(20):1-22. https://doi.org/10.3390/app9204229 es_ES
dc.description.accrualMethod S es_ES
dc.relation.publisherversion https://doi.org/10.3390/app9204229 es_ES
dc.description.upvformatpinicio 1 es_ES
dc.description.upvformatpfin 22 es_ES
dc.type.version info:eu-repo/semantics/publishedVersion es_ES
dc.description.volume 9 es_ES
dc.description.issue 20 es_ES
dc.identifier.eissn 2076-3417 es_ES
dc.relation.pasarela S\400626 es_ES
dc.subject.ods 08.- Promote sustained, inclusive and sustainable economic growth, full and productive employment and decent work for all es_ES

