Corpus ID: 18245757

Cryptographically Enforced Control Flow Integrity

@article{Mashtizadeh2014CryptographicallyEC,
  title={Cryptographically Enforced Control Flow Integrity},
  author={A. Mashtizadeh and Andrea Bittau and David Mazi{\`e}res and D. Boneh},
  journal={ArXiv},
  year={2014},
  volume={abs/1408.1451}
}
Recent Pwn2Own competitions have demonstrated the continued effectiveness of control hijacking attacks despite deployed countermeasures including stack canaries and ASLR. [...]

Key Method: This paper presents a cryptographic approach to control flow integrity (CCFI) that is both fine-grained and practical: message authentication codes (MACs) protect control flow elements such as return addresses, function pointers, and vtable pointers.
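The key method above, as an added example that is neither the paper's code nor its published implementation: a MAC-protected function-pointer slot in the style CCFI describes. It assumes SipHash-2-4 in place of the paper's AES-based MAC (the paper keeps the key out of memory in registers; here it is a constructed constant in a global), and it binds the MAC to the pointer value, the address of the slot storing it, and a type tag, so that both an overwritten pointer and a valid (pointer, MAC) pair copied into another slot fail the check. The handler functions, tag values and scenarios are constructed for the example.

```c
/* Added example (not from the CCFI paper). SipHash-2-4 stands in for the
 * paper's AES-based MAC; the key is a constructed constant in a global. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef void (*handler_fn)(void);

typedef struct {
    handler_fn fn;   /* control-flow element an attacker wants to overwrite */
    uint64_t   mac;  /* MAC(key, fn || &slot || tag), checked before each use */
} protected_fptr;

/* Assumed tags: distinct per element kind so a valid return address cannot
 * be replayed as a function pointer. */
enum { TAG_FUNCTION_POINTER = 1, TAG_RETURN_ADDRESS = 2, TAG_VTABLE_POINTER = 3 };

/* Constructed 128-bit key; a deployment would draw it from a CSPRNG at startup. */
static const uint64_t g_key[2] = { 0x0706050403020100ULL, 0x0f0e0d0c0b0a0908ULL };

static uint64_t rotl64(uint64_t x, int b) { return (x << b) | (x >> (64 - b)); }

#define SIPROUND do {                                                   \
    v0 += v1; v1 = rotl64(v1, 13); v1 ^= v0; v0 = rotl64(v0, 32);      \
    v2 += v3; v3 = rotl64(v3, 16); v3 ^= v2;                           \
    v0 += v3; v3 = rotl64(v3, 21); v3 ^= v0;                           \
    v2 += v1; v1 = rotl64(v1, 17); v1 ^= v2; v2 = rotl64(v2, 32);      \
} while (0)

/* SipHash-2-4 over little-endian 8-byte blocks. */
static uint64_t siphash24(const uint8_t *in, size_t len, uint64_t k0, uint64_t k1)
{
    uint64_t v0 = k0 ^ 0x736f6d6570736575ULL, v1 = k1 ^ 0x646f72616e646f6dULL;
    uint64_t v2 = k0 ^ 0x6c7967656e657261ULL, v3 = k1 ^ 0x7465646279746573ULL;
    uint64_t b = (uint64_t)len << 56;   /* length byte lives in the last block */
    size_t i, j;
    for (i = 0; i + 8 <= len; i += 8) {
        uint64_t m = 0;
        for (j = 0; j < 8; j++) m |= (uint64_t)in[i + j] << (8 * j);
        v3 ^= m; SIPROUND; SIPROUND; v0 ^= m;
    }
    for (j = 0; i + j < len; j++) b |= (uint64_t)in[i + j] << (8 * j);
    v3 ^= b; SIPROUND; SIPROUND; v0 ^= b;
    v2 ^= 0xff; SIPROUND; SIPROUND; SIPROUND; SIPROUND;
    return v0 ^ v1 ^ v2 ^ v3;
}

/* MAC over (value, slot address, tag). Binding to the slot address is what
 * stops an attacker from copying a valid pointer+MAC pair to a different slot. */
static uint64_t ccfi_mac(uint64_t value, const void *slot, uint64_t tag)
{
    uint8_t msg[24];
    uint64_t addr = (uint64_t)(uintptr_t)slot;
    memcpy(msg, &value, 8);
    memcpy(msg + 8, &addr, 8);
    memcpy(msg + 16, &tag, 8);
    return siphash24(msg, sizeof msg, g_key[0], g_key[1]);
}

void ccfi_store(protected_fptr *slot, handler_fn fn)
{
    slot->fn  = fn;
    slot->mac = ccfi_mac((uint64_t)(uintptr_t)fn, slot, TAG_FUNCTION_POINTER);
}

int ccfi_check(const protected_fptr *slot)
{
    return slot->mac == ccfi_mac((uint64_t)(uintptr_t)slot->fn, slot, TAG_FUNCTION_POINTER);
}

/* 0 after a verified indirect call; -1 if verification failed (abort in practice). */
int ccfi_call(const protected_fptr *slot)
{
    if (!ccfi_check(slot)) return -1;
    slot->fn();
    return 0;
}

/* Constructed scenarios. */
static int g_last_called;
static void benign_handler(void)   { g_last_called = 1; }
static void attacker_handler(void) { g_last_called = 2; }

int demo_intact_pointer_runs(void)
{
    protected_fptr slot; g_last_called = 0;
    ccfi_store(&slot, benign_handler);
    return ccfi_call(&slot) == 0 && g_last_called == 1;
}

/* Memory corruption replaces fn but cannot forge the MAC without the key. */
int demo_overwrite_is_rejected(void)
{
    protected_fptr slot; g_last_called = 0;
    ccfi_store(&slot, benign_handler);
    slot.fn = attacker_handler;
    return ccfi_call(&slot) == -1 && g_last_called == 0;
}

/* A valid (fn, mac) pair copied byte-for-byte into another slot fails too. */
int demo_copied_pair_is_rejected(void)
{
    protected_fptr a, b;
    ccfi_store(&a, benign_handler);
    memcpy(&b, &a, sizeof a);
    return ccfi_check(&a) && !ccfi_check(&b);
}

int main(void)
{
    printf("intact=%d overwrite_rejected=%d copy_rejected=%d\n",
           demo_intact_pointer_runs(), demo_overwrite_is_rejected(),
           demo_copied_pair_is_rejected());
    return 0;
}
```

The third scenario is the one that distinguishes this design from a plain per-pointer checksum: without the slot address in the MAC, an attacker who can read a valid pair from one object could replay it into another slot of the same type.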
Evaluating modern defenses against control flow hijacking
TLDR
It is shown that even a fine-grained form of CFI with an unlimited number of tags is ineffective in protecting against attacks, and that many popular code bases such as Apache and Nginx use coding practices that create flexibility in their intended control flow graph (CFG) even when a strong static analyzer is used to construct the CFG.
Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity
TLDR
It is shown that many popular code bases such as Apache and Nginx use coding practices that create flexibility in their intended control flow graph (CFG) even when a strong static analyzer is used to construct the CFG, which allows an attacker to gain control of the execution while strictly adhering to a fine-grained CFI.
Mitigating Over-Permissible Transfer for Control Flow Integrity
TLDR
To eliminate over-permissible transfer in CFI systems, a Bloom filter-based policy database is established to store a large number of policies in a compact data structure with a low false positive rate.
Missing the Point(er): On the Effectiveness of Code Pointer Integrity
TLDR
It is shown that, for architectures that do not support segmentation, in which CPI relies on information hiding, CPI's safe region can be leaked and then maliciously modified by using data pointer overwrites.
Subversive-C: Abusing and Protecting Dynamic Message Dispatch
TLDR
This paper demonstrates the first COOP-style exploit for Objective-C, the predominant programming language on Apple's OS X and iOS platforms, and retrofits the Objective-C runtime with the first practical and efficient defense against this novel attack.
HCIC: Hardware-Assisted Control-Flow Integrity Checking
TLDR
A new hardware-assisted control flow checking method is proposed that resists code reuse attacks with negligible performance overhead, without extending ISAs, modifying the compiler, or leaking the encryption/decryption key.
Zipper Stack: Shadow Stacks Without Shadow
TLDR
A novel, lightweight mechanism protecting return addresses, Zipper Stack, authenticates all return addresses by a chain structure using cryptographic message authentication codes (MACs), and can defend against the most powerful attackers who have full control over the program's memory and even know the secret key of the MAC function.
Hardware control flow integrity
TLDR
This chapter specifies a CFI model that captures many known CFI techniques, including stateless and stateful approaches as well as fine-grained and coarse-grained CFI policies, and designs and implements a novel hardware-enhanced CFI.
Analysis of defenses against code reuse attacks on modern and new architectures
Today, the most common avenue for exploitation of computer systems is a control-flow attack in which the attacker gains direct or indirect control of the instruction pointer. In order to gain remote...
Towards Improved Mitigations for Two Attacks on Memory Safety
TLDR
This dissertation considers protection schemes against the most popular form of control-flow hijacking: return-oriented programming (ROP), which depends on misusing RET instructions, and shows that, in principle, page permissions should be the most desirable approach.

References

Showing 1-10 of 34 references
Out of Control: Overcoming Control-Flow Integrity
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attackers from exploiting our software, interest in Control Flow Integrity (CFI) is growing. In its ideal...
Practical Control Flow Integrity and Randomization for Binary Executables
TLDR
A new practical and realistic protection method called CCFIR (Compact Control Flow Integrity and Randomization) addresses the main barriers to CFI adoption and can stop control-flow hijacking attacks including ROP and return-into-libc.
Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection
TLDR
This paper provides the first comprehensive security analysis of various CFI solutions, and shows that with bare minimum assumptions, Turing-complete and real-world ROP attacks can still be launched even when the strictest of enforcement policies is in use.
Code-pointer integrity
TLDR
This chapter describes code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program and thereby prevents all control-flow hijack attacks that exploit memory corruption errors, including attacks that bypass control-flow integrity mechanisms, such as control-flow bending.
Control-flow integrity principles, implementations, and applications
TLDR
Control-flow integrity provides a useful foundation for enforcing further security policies, as demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions.
Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM
Constraining dynamic control transfers is a common technique for mitigating software vulnerabilities. This defense has been widely and successfully used to protect return addresses and stack data; ...
StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks
  • C. Cowan
  • Computer Science
  • USENIX Security Symposium
  • 1998
TLDR
StackGuard is described: a simple compiler technique that virtually eliminates buffer overflow vulnerabilities with only modest performance penalties, and a set of variations on the technique that trade off between penetration resistance and performance.
PointGuard™: Protecting Pointers from Buffer Overflow Vulnerabilities
TLDR
The PointGuard implementation is described, its overhead is shown to be low when protecting real security-sensitive applications such as OpenSSL, and it is shown that PointGuard is effective in defending against buffer overflow vulnerabilities that are not blocked by previous defenses.
Transparent ROP Exploit Mitigation Using Indirect Branch Tracing
TLDR
kBouncer, a practical runtime ROP exploit prevention technique for the protection of third-party applications based on the detection of abnormal control transfers that take place during ROP code execution, has low runtime overhead even when stressed with specially crafted workloads.
On the effectiveness of address-space randomization
TLDR
A derandomization attack is demonstrated that will convert any standard buffer-overflow exploit into an exploit that works against systems protected by address-space randomization, and it is concluded that, on 32-bit architectures, the only benefit of PaX-like address-space randomization is a small slowdown in worm propagation speed.