CCFI: Cryptographically enforced control flow integrity

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 2015-October, Issue , 2015, Pages 941-951

  Mashtizadeh, Ali José ^a   Bittau, Andrea ^a   Boneh, Dan ^a   Mazières, David ^a  

^a STANFORD UNIVERSITY   (United States)

Author keywords

Control flow integrity; Return oriented programming; Vulnerabilities

Indexed keywords

DATA PRIVACY; SECURITY OF DATA;

CONTROL FLOWS; CONTROL-FLOW INTEGRITIES; FUNCTION POINTERS; MESSAGE AUTHENTICATION CODES; NEW APPROACHES; PROGRAM MEMORY; RETURN-ORIENTED PROGRAMMING; VULNERABILITIES;

CRYPTOGRAPHY;

EID: 84954161880     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2810103.2813676     Document Type: Conference Paper

References (25)

1. Intel Digital Random Generator (DRNG), August 2012. http://software.intel.com/sites/default/files/m/d/4/1/d/8/441-Intel-R-DRNG-Software-Implementation-Guide-final-Aug7.pdf.
2. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-Flow Integrity: Principles, Implementations, and Applications. ACM Trans. Inf. Syst. Secur., 13(1):4:1-4:40, Nov. 2009.
3. A. Bittau, A. Belay, A. Mashtizadeh, D. Mazieres, and D. Boneh. BROP: Blind Return Oriented Programming. In Proc of IEEE Security Privacy 2014, Jun 2014.
4. E. Buchanan, R. Roemer, H. Shacham, and S. Savage. When good instructions go bad: Generalizing return-oriented programming to RISC. In Proceedings of CCS 2008, pages 27-38. ACM Press, Oct. 2008.
5. N. Carlini and D. Wagner. ROP is Still Dangerous: Breaking Modern Defenses. In 23rd USENIX Security Symposium (USENIX Security 14), pages 385-399, San Diego, CA, 2014. USENIX Association.
6. K. Cook. hardening-check - check binaries for security hardening features. http://manpages.ubuntu.com/manpages/lucid/man1/hardening-check.1.html.
7. C. Cowan, S. Beattie, J. Johansen, and P. Wagle. PointGuard: Protecting Pointers From Buffer Overflow Vulnerabilities. In Proc. of the 12th Usenix Security Symposium, 2003.
8. C. Cowan, C. Pu, D. Maier, J. Walpole, P. Bakke, S. Beattie, A. Grier, P. Wagle, and Q. Zhang. StackGuard: Automatic Adaptive Detection and Prevention of Buffer-Overflow Attacks. In Proc. of Usenix Security, 1998.
9. L. Davi, A.-R. Sadeghi, D. Lehmann, and F. Monrose. Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. In 23rd USENIX Security Symposium, San Diego, CA, 2014. USENIX Association.
10. M. Frantzen and M. Shuey. StackGhost: Hardware Facilitated Stack Protection. In In Proceedings of the 10th USENIX Security Symposium, pages 55-66, 2001.
11. E. Goktas, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out Of Control: Overcoming Control-Flow Integrity. In Proc of IEEE Security Privacy 2014, Jun 2014.
12. S. Gueron. Intel Advanced Encryption Standard (AES) New Instructions Set. Number 323641-001. Intel Corporation, May 2010.
13. V. Kuznetsov, L. Szekeres, M. Payer, G. Candea, R. Sekar, and D. Song. Code-pointer integrity. In 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI 14), pages 147-163, Broomfield, CO, 2014. USENIX Association.
14. M. Labes. MWR Labs Pwn2Own 2013 Write-up - Webkit Exploit. https://labs.mwrinfosecurity.com/blog/2013/04/19/mwr-labs-pwn2own-2013-write-up-webkit-exploit/.
15. A. Langley. Apple's SSL/TLS bug, 2014. www.imperialviolet.org/2014/02/22/applebug.html.
16. C. Latner. The LLVM Compiler Infrastructure. http://llvm.org/.
17. N. Mehta. The Heartbleed Bug, 2014. heartbleed.com.
18. H. Shacham, M. Page, B. Pfaff, E. Goh, N. Modadugu, and D. Boneh. On the Effectiveness of Address-Space Randomization. In Proc. of the 11'th ACM conference on Computer and Communications Security (CCS), pages 298-307, 2004.
19. A. Sotirov. Heap Feng Shui in Javascript. Blackhat Europe 2007, 2007.
20. P. Team. PaX address space layout randomization (ASLR), 2014. http://pax.grsecurity.net/docs/aslr.txt.
21. C. Tice, T. Roeder, P. Collingbourne, S. Checkoway, U. Erlingsson, L. Lozano, and G. Pike. Enforcing Forward-Edge Control Flow Integrity in GCC & LLVM. In 23rd USENIX Security Symposium. USENIX Association, 2014.
22. Vendicator. StackShield. http://www.angelfire.com/sk/stackshield/.
23. Wikipedia Foundation, Inc. AES instruction set. http://en.wikipedia.org/wiki/AES-instruction-set, Apr. 2014.
24. Wikipedia Foundation, Inc. NX bit. http://en.wikipedia.org/wiki/NX-bit, Apr. 2014.
25. C. Zhang, T. Wei, Z. Chen, L. Duan, L. Szekeres, S. McCamant, D. Song, and W. Zou. Practical Control Flow Integrity and Randomization for Binary Executables. In Proceedings of the 2013 IEEE Symposium on Security and Privacy, pages 559-573, 2013.