Control flow integrity for COTS binaries

Authors: Mingwei Zhang, R. Sekar

Abstract: Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its enforcement can defeat most injected and existing code attacks, including those based on Return-Oriented Programming (ROP). Previous implementations of CFI have required compiler support or the presence of relocation or debug information in the binary. In contrast, we present a technique for applying CFI to stripped binaries on x86/Linux. Ours is the first work to apply CFI to complex shared libraries such as glibc. Through experimental evaluation, we demonstrate that our CFI implementation is effective against control-flow hijack attacks and eliminates the vast majority of ROP gadgets. To achieve this result, we have developed robust techniques for disassembly, static analysis, and transformation of large binaries. Our techniques have been tested on over 300MB of binaries (executables and libraries).
