Code-reuse attacks are a concrete threat to computing systems because they evade conventional security defenses. Control flow integrity (CFI) has been proposed to repel this threat, but earlier implementations of CFI suffer from two major drawbacks: complex offline processing of programs and high runtime overhead. It is therefore impractical for performance-constrained devices to adopt the technology, leaving them vulnerable to exploitation. In this article, we develop a cross-layer approach named basic-block-boundary-based control flow integrity (BBB-CFI) to minimize the overheads of both offline analysis and runtime checking. Our approach uses basic block information found in the binary code and in read-only data to enforce CFI. We identify a key binary-level property called the basic block boundary and, based on it, propose a code-inspired method in which short code sequences endorse a control flow transition. Our solution enables quick application launching because it does not require control flow graph construction at the offline stage: it needs only a lightweight analysis of the read-only data and a small amount of the application's code. In our experiments, the approach incurs a negligible 0.11% runtime performance overhead with a minor processor extension, while achieving an order of magnitude speedup in preprocessing compared to a baseline approach. Without control flow analysis or recompilation, BBB-CFI still removes 90% of the attack surface measured in gadget numbers. We also show that the Turing-completeness of the gadget set in libc is unsustainable under this policy. Our approach demonstrates high applicability to many programs and is capable of protecting stripped binaries.
ACM Transactions on Embedded Computing Systems (TECS) – Association for Computing Machinery
Published: Feb 7, 2020
Keywords: Control flow integrity
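The abstract describes the policy only at a high level, so the following is an added example (not the paper's code or its processor extension) that models the two checks a BBB-CFI-style enforcer would make on x86-64: a return may only land on a call-preceded address, decided from the raw bytes just before the target, and an indirect jmp/call may only land on a basic block boundary, derived from the code (the instruction after a control-transfer instruction, direct branch targets) and from code pointers in read-only data. The exact policy, the tiny function, its addresses and the jump table are assumptions constructed for this example. A naive ret-based gadget search over the same bytes shows how many gadget start addresses each check leaves reachable.

```python
"""Simplified model of a basic-block-boundary (BBB) CFI policy on x86-64.
Added example; the instruction list, read-only data and addresses are constructed."""
import struct
from dataclasses import dataclass
from typing import Optional

TEXT_BASE = 0x1000
TERMINATORS = {"ret", "jmp", "call", "je", "jne"}  # instructions that end a basic block


@dataclass(frozen=True)
class Insn:
    mnem: str
    raw: bytes
    target: Optional[int] = None  # direct branch/call target, if any


# Constructed .text: conditional branch, direct call, table-driven indirect jump, indirect call.
INSNS = [
    Insn("push", bytes.fromhex("55")),                  # 0x1000 push rbp
    Insn("cmp",  bytes.fromhex("83ff01")),              # 0x1001 cmp edi, 1
    Insn("je",   bytes.fromhex("740a"), 0x1010),        # 0x1004 je 0x1010
    Insn("call", bytes.fromhex("e815000000"), 0x1020),  # 0x1006 call 0x1020
    Insn("mov",  bytes.fromhex("4889c7")),              # 0x100b mov rdi, rax
    Insn("pop",  bytes.fromhex("5d")),                  # 0x100e pop rbp
    Insn("ret",  bytes.fromhex("c3")),                  # 0x100f ret
    Insn("jmp",  bytes.fromhex("ffe0")),                # 0x1010 jmp rax (via jump table)
    Insn("xor",  bytes.fromhex("31c0")),                # 0x1012 xor eax, eax
    Insn("ret",  bytes.fromhex("c3")),                  # 0x1014 ret
    Insn("mov",  bytes.fromhex("b801000000")),          # 0x1015 mov eax, 1
    Insn("ret",  bytes.fromhex("c3")),                  # 0x101a ret
    Insn("nop",  bytes.fromhex("0f1f440000")),          # 0x101b alignment padding
    Insn("call", bytes.fromhex("ffd0")),                # 0x1020 call rax
    Insn("ret",  bytes.fromhex("c3")),                  # 0x1022 ret
    Insn("pop",  bytes.fromhex("5f")),                  # 0x1023 pop rdi
    Insn("ret",  bytes.fromhex("c3")),                  # 0x1024 ret
]
TEXT = b"".join(i.raw for i in INSNS)
RODATA = struct.pack("<QQ", 0x1012, 0x1015)  # constructed jump table for "jmp rax"


def insn_addrs(insns, base=TEXT_BASE):
    """Address of each instruction, obtained by walking the encoded lengths."""
    addrs, a = [], base
    for i in insns:
        addrs.append(a)
        a += len(i.raw)
    return addrs


def basic_block_boundaries(insns, rodata, base=TEXT_BASE):
    """Addresses an indirect jmp/call may target: instruction after a terminator,
    direct branch target, or a code pointer in read-only data (if it hits an instruction start)."""
    addrs = insn_addrs(insns, base)
    starts, bounds = set(addrs), set()
    prev_terminates = True  # the first instruction opens a block
    for i, a in zip(insns, addrs):
        if prev_terminates:
            bounds.add(a)
        if i.target is not None:
            bounds.add(i.target)
        prev_terminates = i.mnem in TERMINATORS
    for off in range(0, len(rodata) - 7, 8):
        p = struct.unpack_from("<Q", rodata, off)[0]
        if p in starts:
            bounds.add(p)
    return bounds


def is_call_preceded(text, target, base=TEXT_BASE):
    """True if the bytes immediately before `target` encode a call (common forms; SIB omitted)."""
    off = target - base
    if off <= 0 or off > len(text):
        return False
    forms = [
        (5, lambda b: b[0] == 0xE8),                                            # call rel32
        (2, lambda b: b[0] == 0xFF and b[1] & 0xF8 == 0xD0),                    # call r64
        (3, lambda b: b[0] == 0x41 and b[1] == 0xFF and b[2] & 0xF8 == 0xD0),   # call r8..r15
        (6, lambda b: b[0] == 0xFF and b[1] == 0x15),                           # call [rip+disp32]
        (3, lambda b: b[0] == 0xFF and b[1] & 0xF8 == 0x50 and b[1] & 7 != 4),  # call [r64+disp8]
    ]
    return any(off >= n and m(text[off - n:off]) for n, m in forms)


def transfer_allowed(kind, target, bounds, text=TEXT, base=TEXT_BASE):
    """Policy decision for one indirect transfer: kind is 'ret', 'jmp' or 'call'."""
    if kind == "ret":
        return is_call_preceded(text, target, base)
    return target in bounds


def gadget_starts(text, base=TEXT_BASE, depth=4):
    """Naive ROP-tool style search: every offset within `depth` bytes before a ret byte."""
    starts = set()
    for p, b in enumerate(text):
        if b == 0xC3:
            starts.update(range(max(0, p - depth), p + 1))
    return {base + q for q in starts}


def surviving_gadgets(kind, text=TEXT, insns=INSNS, rodata=RODATA, base=TEXT_BASE):
    """Gadget start addresses that a transfer of `kind` could still reach under the policy."""
    bounds = basic_block_boundaries(insns, rodata, base)
    return {a for a in gadget_starts(text, base) if transfer_allowed(kind, a, bounds, text, base)}


if __name__ == "__main__":
    total = len(gadget_starts(TEXT))
    for kind in ("ret", "jmp"):
        left = sorted(surviving_gadgets(kind))
        print(f"{kind}: {len(left)}/{total} gadget starts reachable: {[hex(a) for a in left]}")
```

Two things worth noticing when running it: the return check rejects `pop rdi; ret` at 0x1023 even though it starts a basic block, because nothing before it decodes as a call, while the boundary check still admits it for an indirect jump; and gadgets that begin mid-instruction (for example inside `mov rdi, rax`) are excluded by both checks without any disassembly of the whole binary, which is the source of the attack-surface reduction the abstract reports.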