Automated CFI Policy Assessment with Reckon

Author: Paul Muntean

DOI:

Keywords:

Abstract: Protecting programs against control-flow hijacking attacks has recently become an arms race between defenders and attackers. While certain defenses, e.g., Control Flow Integrity (CFI), restrict the targets of indirect transfers through static or dynamic analysis, attackers can search the program for available gadgets that fall into the legitimate target sets in order to bypass these defenses. There are several tools helping both attackers in developing exploits and analysts in strengthening their defenses. Yet, these tools fail to adequately (1) model deployed defenses, (2) compare them in a head-to-head way, and (3) use semantic information to help craft attacks or countermeasures. Control Flow Integrity (CFI) has proved to be one of the most promising defenses against control-flow hijacks, and tons of efforts have been made to improve CFI in various ways over the past decade. However, there is a lack of systematic assessment of existing CFI policies. In this paper, we present Reckon, a source code analysis tool for assessing state-of-the-art CFI policies by first precisely modeling them and then evaluating them in a unified framework. Reckon helps determine the level of security offered by different CFI policies and find gadgets that remain usable even after the policies were applied, thus providing an important step towards successful attacks and stronger defenses. We used Reckon to assess eight CFI policies on real-world programs such as Google's Chrome and Apache Httpd. Reckon provides precise measurements of the residual attack surfaces, and accordingly ranks the policies against each other. It also successfully paves the way to construct code reuse attacks and to eliminate the remaining attack surface, by disclosing calltargets that remain reachable under the most restrictive CFI policies.
