Towards automated integrity protection of C++ virtual function tables in binary programs

ACM International Conference Proceeding Series

Volumn 2014-December, Issue December, 2014, Pages 396-405

  Gawlik, Robert ^a   Holz, Thorsten ^a  

^a RUHR UNIVERSITY BOCHUM   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

BENCHMARKING; BINS; COMPUTER SOFTWARE; SECURITY OF DATA; SECURITY SYSTEMS; WEB BROWSERS;

DANGLING POINTERS; INTEGRITY PROTECTION; INTERNET EXPLORERS; MICRO AND MACRO LEVELS; POLICY ENFORCEMENT; STATIC BINARY ANALYSIS; VIRTUAL FUNCTION TABLES; VIRTUAL FUNCTIONS;

C++ (PROGRAMMING LANGUAGE);

EID: 84954564343     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/2664243.2664249     Document Type: Conference Paper

References (48)

1. M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-Flow Integrity. In ACM Conference on Computer and Communications Security (CCS), 2005.
2. J. Afek and A. Sharabani. Dangling pointer: Smashing the pointer for fun and profit. Black Hat USA, 2007.
3. Apple. Sunspider 1.0.2. https://www.webkit.org/perf/sunspider/sunspider.html, 2014.
4. V. Bala, E. Duesterwald, and S. Banerjia. Dynamo: A transparent dynamic optimization system. ACM SIGPLAN Notices, 35(5):1-12, 2000.
5. E. G. Barrantes, D. H. Ackley, S. Forrest, and D. Stefanovíc. Randomized instruction set emulation. ACM Trans. Inf. Syst. Secur., 8(1):3-40, Feb. 2005.
6. P. Becker et al. Working draft, standard for programming language c++. Technical report, Technical Report, 2011.
7. D. Binkley and M. Harman. A Survey of Empirical Results on Program Slicing. Advances in Computing, 62:105-178, 2003.
8. T. Bletsch, X. Jiang, V. W. Freeh, and Z. Liang. Jump-oriented programming: A new class of code-reuse attack. In ACM Symposium on Information, Computer and Communications Security, 2011.
9. Botan. Botan C++ crypto library. http://botan.randombit.net/, 2013.
10. D. Bruening, E. Duesterwald, and S. Amarasinghe. Design and implementation of a dynamic optimization framework for windows. In 4th ACM Workshop on Feedback-Directed and Dynamic Optimization (FDDO-4), 2001.
11. J. Cab allero, G. Grieco, M. Marron, and A. Nappa. Undangle: Early detection of dangling pointers in use-after-free and double-free vulnerabilities. In International Symposium on Software Testing and Analysis (ISSTA), 2012.
12. D. Dai Zovi. Practical return-oriented programming. SOURCE Boston, 2010.
13. M. Daniel, J. Honoroff, and C. Miller. Engineering Heap Overflow Exploits with JavaScript. In USENIX Workshop on Offensive Technologies (WOOT), 2008.
14. K. Driesen U. Hölzle The direct cost of virtual function calls in c++.. ACM Sigplan Notices 31( 10) 306-323 1996.
15. T. Dullien and S. Porst. REIL: A platform-independent intermediate representation of disassembled code for static code analysis. CanSecWest, 2009.
16. FireEye. Operation SnowMan. http://goo.gl/NL0ZmV, 2014.
17. R. Gawlik and T. Holz. Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs. Technical Report TR-HGI-2014-004, Ruhr-University Bochum, Oct. 2014.
18. C. Giuffrida, A. Kuijsten, and A. S. Tanenbaum. Enhanced operating system security through efficient and fine-grained address space randomization. In USENIX Security Symposium, 2012.
19. E. Göktas, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out of control: Overcoming control-flow integrity. In IEEE Symposium on Security and Privacy, 2014.
20. M. Harman and S. Danicic. Amorphous program slicing. In 5th International Workshop on Program Comprehension, 1997.
21. I. Ivanov. Api hooking revealed. The Code Project, 2002.
22. D. Jang, Z. Tatlock, and S. Lerner. SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks. In Symposium on Network and Distributed System Security (NDSS), 2014.
23. W. Jin, C. Cohen, J. Genna ri, C. Hines, S. Chaki, A. Gurfinkel, J. Havrilla, and P. Narasimhan. Recovering c++ objects from binaries using inter-procedural data-flow analysis. In Proceedings of ACM SIGPLAN on Program Protection and Reverse Eng ineering Workshop 2014, page 1. ACM, 2014.
24. K. D. Johnson and M. R. Miller. Using virtual table protections to prevent the exploitation of object corruption vulnerabilities, 2010. US Patent App. 12/958,668.
25. C. Kil, J. Jim, C. Bookholt, J. Xu, and P. Ning. Address space layout permutation (aslp): Towards fine-grained randomization of commodity software. In Annual Computer Security Applicati ons Conference (ACSAC), 2006.
26. S. Krahmer. x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique. http://users.suse.com/~krahmer/no-nx.pdf, 2005.
27. C.-K. Luk, R. Cohn, R. Muth, H. Patil, A. Klauser, G. Lowney, S. Wallace, V. J. Reddi, and K. Hazelwood. Pin: Building customized program analysis tools with dynamic instrumentation. Acm Sigplan Notices, 40(6):190-200, 2005.
28. Microsoft. AppInit DLLs in Windows 7. http://goo.gl/BchJ4J, 2013.
29. Microsoft. MS13-080 addresses two vulnerabilities under limited, targeted attacks. http://goo.gl/sCZNkL, 2013.
30. Microsoft. Thiscall Calling Convention. http://goo.gl/5o48Ub, 2013.
31. I. Molnar. Exec shield, new lin ux security feature. News-Forge, May, 2003.
32. Mozilla. Firefox 0-day found on Tor.onion service. https://bugzilla.mozilla.org/show-bug.cgi?id=901365, 2013.
33. Moz illa. Kraken Benchmark Suite. http://krakenbenchmark.mozilla.org/, 2014.
34. P. O'Sullivan, K. Anand, A. Kotha, M. Smithson, R. Barua, and A. D. Keromytis. Retrofitting security in cots softw are with binary rewriting. In Future Challenges in Security and Privacy for Academia and Industry, pages 154-172. Springer, 2011.
35. D. Quinlan. ROSE: Compiler Support for Object-oriented Frameworks. Parallel Processing Letters, 10(02/03), 2000.
36. G. F. Roglia L. Martignoni R. Paleari D. Bruschi Surgically returning to randomized lib (c. Annual Computer Security Applications Conference (ACSAC 2009.
37. F. J. Serna. The info leak era on software exploitation. Black Hat USA, 2012.
38. H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In ACM Conference on Computer and Communications Security (CCS), 2007.
39. J. Silva. A vocabulary of program slicing-based techniques. ACM Computing Surveys (CSUR), 44(3):12, 2012.
40. A. Sotirov. Heap Feng Shui in JavaScript. Black Hat Europe, 2007.
41. A. Srivastava, A. Edwards, and H. Vo. Vulcan: Binary transformation in a distributed environment. Technical report, technical report msr-tr-2001-50, microsoft research, 2001.
42. B. Stroustrup. C++. John Wiley and Sons Ltd., 2003.
43. L. Szekeres, M. Payer, T. Wei, and D. Song. Sok: Eternal war in memory. In IEEE Symposium on Security and Privacy, 2013.
44. C. Tice, T. Roeder, P. Collin gbourne, S. Checkoway, U. Erlingsson, L. Lozano, and G. Pike. Enforcing forward-edge control-flow integrity in gcc & llvm. In USENIX Security Symposium, 2014.
45. R. Wartell, V. Mohan, K. W. Hamlen, and Z. Lin. Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code. In ACM Conference on Computer and Communications Security (CCS), 2012.
46. Y. Yang. DEP/ASLR bypass witho ut ROP/JIT. CanSecWest, 2013.
47. C. Zhang, T. Wei, Z. Chen, L. Duan, L. Szekeres, S. McCamant, D. Song, and W. Zou. Practical Control Flow Integrity & Randomization for Binary Executables. In IEEE Symposium on Security and Privacy, 2013.
48. M. Zhang and R. Sekar. BinCFI: Control Flow Integrity for COTS Binaries. In USENIX Security Symposium, 2013.