Corpus ID: 52222148

DROP THE ROP : Fine Grained Control-Flow Integrity for The Linux Kernel

@inproceedings{Moreira2017DROPTR,
  title={DROP THE ROP : Fine Grained Control-Flow Integrity for The Linux Kernel},
  author={J. Moreira and Sandro},
  year={2017}
}
  • J. Moreira, Sandro
  • Published 2017
  • The introduction of W^X memory policies and the subsequent mitigation of return-to-user attacks have rendered return-oriented programming (ROP) the most prominent exploitation method of kernel-level vulnerabilities. Control-flow integrity (CFI) is an effective defense against ROP, but despite its many refinements during the past decade and its recent deployment for the protection of user-space applications, it has received significantly less attention for the kernel setting. The few existing…
    10 Citations


    Toward Linux kernel memory safety
    • 1
    IskiOS: Lightweight Defense Against Kernel-Level Code-Reuse Attacks
    • 9
    Control-flow integrity: attacks and protections
    • 2
    Camouflage: Hardware-assisted CFI for the ARM Linux kernel
    Towards Linux Kernel Memory Safety
    On the Effectiveness of Type-based Control Flow Integrity
    • 11
    • Highly Influenced
    An Info-Leak Resistant Kernel Randomization for Virtualized Systems
    Advanced code reuse attacks against modern defences
    • 1

    References

    SHOWING 1-10 OF 83 REFERENCES
    Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection
    • 264
    • Highly Influential
    Fine-Grained Control-Flow Integrity for Kernel Software
    • 60
    • Highly Influential
    Transparent ROP Exploit Mitigation Using Indirect Branch Tracing
    • 261
    Fine-Grained Control-Flow Integrity Through Binary Hardening
    • 85
    KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels
    • 143
    • Highly Influential
    Comprehensive kernel instrumentation via dynamic binary translation
    • 49
    kGuard: Lightweight Kernel Protection against Return-to-User Attacks
    • 91
    • Highly Influential
    Control-flow restrictor: compiler-based CFI for iOS
    • 53
    Binding the Daemon : FreeBSD Kernel Stack and Heap Exploitation
    • Patroklos argp
    • 2010
    • 4
    Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM
    • 277
    • Highly Influential