scholarly journals Control-Flow Integrity: Attacks and Protections

2019 ◽  
Vol 9 (20) ◽  
pp. 4229 ◽  
Author(s):  
Sarwar Sayeed ◽  
Hector Marco-Gisbert ◽  
Ismael Ripoll ◽  
Miriam Birch
Keyword(s):  
Large Family ◽  
Research Community ◽  
Control Flow ◽  
Security Threat ◽  
Memory Errors ◽  
Software Developers ◽  
Control Flow Integrity ◽  
Indirect Branch ◽  
With Memory ◽  
Significant Attention

Despite the intense efforts to prevent programmers from writing code with memory errors, memory corruption vulnerabilities are still a major security threat. Consequently, control-flow integrity has received significant attention in the research community, and software developers to combat control code execution attacks in the presence of type of faults. Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques, including code reuse attacks, return-to-user, return-to-libc, and replay attacks. We also classify these techniques based on their security, robustness, and implementation complexity. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. We conclude that the performance overhead introduced, jointly with the partial attack coverage, is discouraging the industry from adopting most of them.

Control Flow Integrity Based on Lightweight Encryption Architecture

2018 ◽  
Vol 37 (7) ◽  
pp. 1358-1369 ◽  
Author(s):  
Pengfei Qiu ◽  
Yongqiang Lyu ◽  
Jiliang Zhang ◽  
Dongsheng Wang ◽  
Gang Qu
Keyword(s):  
Control Flow ◽  
Control Flow Integrity ◽  
Lightweight Encryption

scholarly journals Analyzing control flow integrity with LLVM-CFI

2019 ◽  
Author(s):  
Paul Muntean ◽  
Matthias Neumayer ◽  
Zhiqiang Lin ◽  
Gang Tan ◽  
Jens Grossklags ◽  
...  
Keyword(s):  
Control Flow ◽  
Control Flow Integrity

scholarly journals Reconciling optimization with secure compilation

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-30
Author(s):  
Son Tuan Vu ◽  
Albert Cohen ◽  
Arnaud De Grandmaison ◽  
Christophe Guillon ◽  
Karine Heydemann
Keyword(s):  
Side Effects ◽  
Control Flow ◽  
Partial Ordering ◽  
Input Output ◽  
Machine Code ◽  
Fine Grained ◽  
Control Flow Integrity ◽  
Correct Execution ◽  
Source Level ◽  
And Performance

Software protections against side-channel and physical attacks are essential to the development of secure applications. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source level. This renders them susceptible to miscompilation, and security engineers embed input/output side-effects to prevent optimizing compilers from altering them. Yet these side-effects are error-prone and compiler-dependent. The current practice involves analyzing the generated machine code to make sure security or privacy properties are still enforced. These side-effects may also be too expensive in fine-grained protections such as control-flow integrity. We introduce observations of the program state that are intrinsic to the correct execution of security protections, along with means to specify and preserve observations across the compilation flow. Such observations complement the input/output semantics-preservation contract of compilers. We introduce an opacification mechanism to preserve and enforce a partial ordering of observations. This approach is compatible with a production compiler and does not incur any modification to its optimization passes. We validate the effectiveness and performance of our approach on a range of benchmarks, expressing the secure compilation of these applications in terms of observations to be made at specific program points.

$$\tau $$ CFI: Type-Assisted Control Flow Integrity for x86-64 Binaries

2018 ◽  
pp. 423-444 ◽  
Author(s):  
Paul Muntean ◽  
Matthias Fischer ◽  
Gang Tan ◽  
Zhiqiang Lin ◽  
Jens Grossklags ◽  
...  
Keyword(s):  
Control Flow ◽  
Control Flow Integrity

An Enhanced Dynamic Information Flow Tracking Method with Reverse Stack Execution

2015 ◽  
Vol 3 (1) ◽  
pp. 40-58 ◽  
Author(s):  
Anna Trikalinou ◽  
Nikolaos Bourbakis
Keyword(s):  
Programming Languages ◽  
Information Flow ◽  
Attack Detection ◽  
Control Flow ◽  
Security Issue ◽  
Memory Errors ◽  
Dynamic Information ◽  
C Programs ◽  
Information Flow Tracking ◽  
Dynamic Information Flow Tracking

Memory errors have long been a critical security issue primarily for C/C++ programming languages and are still considered one of the top three most dangerous software errors according to the MITRE ranking. In this paper the authors focus on their exploitation via control-flow hijacking and data-only attacks (stack, and partially heap (G. Novarck & E. Berger, 2010)) by proposing a synergistic security methodology, which can accurately detect and thwart them. Their methodology is based on the Dynamic Information Flow Tracking (DIFT) technique and improves its data-only attack detection by utilizing features from the Reverse Stack Execution (RSE) security technique. Thus, the authors can significantly lower the resource consumption of the latter methodology, while increasing the former's accuracy. Their proof-of-concept compiler implementation verifies their assumptions and is able to protect vulnerable C programs against various real-world attack scenarios.

Research on Control Flow Integrity Scheme for Android Platform

2019 ◽  
Author(s):  
Jiesheng Zheng ◽  
Wuqiang Shen ◽  
Yanwei Shang ◽  
Aohui Wang ◽  
Ruigang Liang ◽  
...  
Keyword(s):  
Control Flow ◽  
Android Platform ◽  
Control Flow Integrity
Sign in / Sign up

Export Citation Format

Share Document