Practical context-sensitive CFI

Proceedings of the ACM Conference on Computer and Communications Security

Volumn 2015-October, Issue , 2015, Pages 927-940

  Van Der Veen, Victor ^a   Andriesse, Dennis ^a   Göktaş, Enes ^a   Gras, Ben ^a   Sambuc, Lionel ^a   Slowinska, Asia ^a,b   Bos, Herbert ^a   Giuffrida, Cristiano ^a  

^a VU UNIVERSITY AMSTERDAM   (Netherlands)

^b Lastline   (United States)

Author keywords

Context sensitive CFI; Control flow integrity

Indexed keywords

DATA PRIVACY;

COMMODITY HARDWARE; CONTEXT SENSITIVE; CONTEXT-SENSITIVE POLICIES; CONTROL-FLOW INTEGRITIES; PROGRAM STATE; REAL-WORLD; TRACK CONTROL;

SECURITY OF DATA;

EID: 84954175453     PISSN: 15437221     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2810103.2813673     Document Type: Conference Paper

References (55)

1. Apache benchmark. http://httpd.apache.org/docs/2.0/programs/ab.html.
2. LLVM DSA - Reproduce the Result in PLDI 07 Paper. http://lists.cs.uiuc.edu/pipermail/llvmdev/2015-May/085390.html.
3. OpenSSH portable regression tests. http://www.dtucker.net/openssh/regress.
4. pyftpdlib. https://code.google.com/p/pyftpdlib.
5. SendEmail. http://caspian.dotconf.net/menu/Software/SendEmail.
6. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow integrity. In ACM CCS, 2005.
7. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. A theory of secure control-flow. In ICFEM, 2005.
8. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow integrity: Principles, implementations, and applications. ACM TISSEC, 13(1), 2009.
9. P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro. Preventing memory error exploits with WIT. In IEEE S&P, 2008.
10. A. R. Bernat and B. P. Miller. Anywhere, any-time binary instrumentation. In PASTE, 2011.
11. S. Bhatkar, R. Sekar, and D. C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In USENIX SEC, 2005.
12. T. Bletsch, X. Jiang, and V. Freeh. Mitigating code-reuse attacks with control-flow locking. In ACSAC, 2011.
13. E. Bosman and H. Bos. Framing signals-A return to portable shellcode. In IEEE S&P, 2014.
14. B. Buck and J. K. Hollingsworth. An API for runtime code patching. IJHPCA, 14(4), 2000.
15. N. Carlini, A. Barresi, M. Payer, D. Wagner, and T. R. Gross. Control-flow bending: On the effectiveness of control-flow integrity. In USENIX SEC, 2015.
16. N. Carlini and D. Wagner. ROP is still dangerous: Breaking modern defenses. In USENIX SEC, 2014.
17. S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In ACM CCS, 2010.
18. X. Chen, A. Slowinska, D. Andriesse, H. Bos, and C. Giuffrida. StackArmor: Comprehensive protection from stack-based memory error vulnerabilities for binaries. In NDSS, 2015.
19. Y. Cheng, Z. Zhou, M. Yu, X. Ding, and R. Deng. ROPecker: A generic and practical approach for defending against ROP attacks. In NDSS, 2014.
20. T.-C. Chiueh and F.-H. Hsu. RAD: A compile-time solution to buffer overflow attacks. In ICDCS, 2001.
21. M. L. Corliss, E. C. Lewis, and A. Roth. Using DISE to protect return addresses from attack. In ASSAV, 2004.
22. J. Criswell, N. Dautenhahn, and V. Adve. KCoFI: Complete control-flow integrity for commodity operating system kernels. In IEEE S&P, 2014.
23. T. H. Dang, P. Maniatis, and D. Wagner. The performance cost of shadow stacks and stack canaries. In ASIACCS, 2015.
24. L. Davi, A.-R. Sadeghi, D. Lehmann, and F. Monrose. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In USENIX SEC, 2014.
25. U. Erlingsson, M. Abadi, M. Vrable, M. Budiu, and G. C. Necula. XFI: Software guards for system address spaces. In OSDI, 2006.
26. I. Fratric. Runtime prevention of return-oriented programming attacks, 2012. Technical report.
27. E. Goktaş, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out of control: Overcoming control-flow integrity. In IEEE S&P, 2014.
28. E. Goktaş, E. Athanasopoulos, M. Polychronakis, H. Bos, and G. Portokalidis. Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard. In USENIX SEC, 2014.
29. V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In USENIX SEC, 2002.
30. S. Krishnamoorthy, M. Hsiao, and L. Lingappan. Tackling the path explosion problem in symbolic execution-driven test generation for programs. In IEEE ATS, 2010.
31. V. Kuznetsov, L. Szekeres, M. Payer, G. Candea, R. Sekar, and D. Song. Code-pointer integrity. In OSDI, 2014.
32. C. Lattner, A. Lenharth, and V. Adve. Making context-sensitive points-to analysis with heap cloning practical for the real world. In PLDI, pages 278-289, 2007.
33. B. Niu and G. Tan. Monitor integrity protection with space efficiency and separate compilation. In ACM CCS, 2013.
34. B. Niu and G. Tan. Modular control-flow integrity. In PLDI, 2014.
35. B. Niu and G. Tan. RockJIT: Securing just-in-time compilation using modular control-flow integrity. In ACM CCS, 2014.
36. V. Pappas, M. Polychronakis, and A. D. Keromytis. Transparent ROP exploit mitigation using indirect branch tracing. In USENIX SEC, 2013.
37. M. Payer, A. Barresi, and T. R. Gross. Fine-grained control-flow integrity through binary hardening. In DIMVA, 2015.
38. M. Prasad and T. Cker Chiueh. A binary rewriting defense against stack-based buffer overflow attacks. In USENIX ATC, 2003.
39. B. G. Roth and E. H. Spafford. Implicit buffer overflow protection using memory segregation. In ARES, 2011.
40. F. Schuster, T. Tendyck, C. Liebchen, L. Davi, A.-R. Sadeghi, and T. Holz. Counterfeit object-oriented programming. In IEEE S&P, 2015.
41. F. Schuster, T. Tendyck, J. Pewny, A. Maas, M. Steegmanns, M. Contag, and T. Holz. Evaluating the effectiveness of current anti-ROP defenses. In RAID, 2014.
42. H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In ACM CCS, 2007.
43. S. Sinnadurai, Q. Zhao, and W.-F. Wong. Transparent runtime shadow stack: Protection against malicious return address modifications, 2004. Technical report.
44. A. Slowinska, T. Stancescu, and H. Bos. Howard: a dynamic excavator for reverse engineering data structures. In NDSS, 2011.
45. K. Z. Snow, L. Davi, A. Dmitrienko, C. Liebchen, F. Monrose, and A.-R. Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In IEEE S&P, May 2013.
46. M. L. Soffa, K. R. Walcott, and J. Mars. Exploiting hardware advances for software testing and debugging (nier track). In ICSE, 2011.
47. C. Tice, T. Roeder, P. Collingbourne, S. Checkoway, Ulfar Erlingsson, L. Lozano, and G. Pike. Enforcing forward-edge control-flow integrity in GCC and LLVM. In USENIX SEC, 2014.
48. D. Wagner and D. Dean. Intrusion detection via static analysis. In IEEE S&P, 2001.
49. Z. Wang and X. Jiang. HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In IEEE S&P, 2010.
50. Y. Xia, Y. Liu, H. Chen, and B. Zang. CFIMon: Detecting violation of control flow integrity using performance counters. In IEEE DSN, 2012.
51. Y. Younan, D. Pozza, F. Piessens, and W. Joosen. Extended protection against stack smashing attacks without performance loss. In ACSAC, 2006.
52. B. Zeng, G. Tan, and U. Erlingsson. Strato: A retargetable framework for low-level inlined-reference monitors. In USENIX SEC, 2013.
53. C. Zhang, T. Wei, Z. Chen, L. Duan, L. Szekeres, S. McCamant, D. Song, and W. Zou. Practical control-flow integrity and randomization for binary executables. In IEEE S&P, 2013.
54. M. Zhang, R. Qiao, N. Hasabnis, and R. Sekar. A platform for secure static binary instrumentation. In VEE, 2014.
55. M. Zhang and R. Sekar. Control flow integrity for COTS binaries. In USENIX SEC, 2013.