228 Hits in 3.6 sec

Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM

Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, Geoff Pike
This paper presents implementations of fine-grained, forward-edge CFI enforcement and analysis for GCC and LLVM that meet the above requirements.  ...  indirect jump or call) in the control-flow graph.  ...  Conclusions This paper advances the techniques of Control-Flow Integrity, moving them from research prototypes to being firmly in the domain of the practical.  ... 

Stateful Forward-Edge CFI Enforcement with Intel MPX [chapter]

Jun Zhang, Rui Hou, Wei Song, Zhiyuan Zhan, Boyan Zhao, Mingyu Chen, Dan Meng
2018 Communications in Computer and Information Science  
There are two challenges in applying MPX to forward-edge CFI enforcement.  ...  Evaluation results show that our mechanism is effective in enforcing forward-edge CFI, while incurring acceptable performance overhead.  ...  These attacks belong to backward-edge hijack attacks. It is shown that our mechanism is effective in forward-edge control flow enforcement.  ... 
doi:10.1007/978-981-13-2423-9_7 fatcat:yz7qdgdpozh57fognrncsrhe2m

ReCFA: Resilient Control-Flow Attestation [article]

Yumei Zhang, Xinzhi Liu, Cong Sun, Dongrui Zeng, Gang Tan, Xiao Kan, Siqi Ma
2021 arXiv   pre-print
We employ a shadow stack mechanism at the verifier to enforce context-sensitive control-flow integrity and diagnose the compromised control-flow events violating the security policy.  ...  In this work, we propose a resilient control-flow attestation (ReCFA), which does not need the offline measurement of all legitimate control-flow paths, thus scalable to be used on complicated commodity  ...  Xiaozhu Meng for the kind advice in using the instrumentation tool Dyninst. Yumei  ... 
arXiv:2110.11603v3 fatcat:dszix3voknei7leoyrgciblfna

Control-Flow Integrity: Precision, Security, and Performance [article]

Nathan Burow, Scott A. Carr, Joseph Nash, Per Larsen, Michael Franz, Stefan Brunthaler, Mathias Payer
2017 arXiv   pre-print
For each mechanism, we evaluate (i) protected types of control-flow transfers, (ii) the precision of the protection for forward and backward edges.  ...  Researchers have spent more than a decade studying and refining defenses based on Control-Flow Integrity (CFI), and this technique is now integrated into several production compilers.  ...  The evaluation in this survey would not have been possible without the open-source releases of several CFI mechanisms.  ... 
arXiv:1602.04056v3 fatcat:gef4lo4tafb6dhmylmg2eomotq

PAC it up: Towards Pointer Integrity using ARM Pointer Authentication [article]

Hans Liljestrand, Thomas Nyman, Kui Wang, Carlos Chinea Perez, Jan-Erik Ekberg, N. Asokan
2019 arXiv   pre-print
We present PARTS, an instrumentation framework that integrates our PA-based defenses into the LLVM compiler and the GNU/Linux operating system and show, via systematic evaluation, that PARTS provides better  ...  In this paper, we use PA to build novel defenses against various classes of run-time attacks, including the first PA-based mechanism for data pointer integrity.  ...  Acknowledgments This work was supported in part by the Academy of Finland under grant nr. 309994 (SELIoT), and the Intel Collaborative Research Institute for Collaborative Autonomous & Resilient Systems  ... 
arXiv:1811.09189v4 fatcat:vscgjhjdmnbxlble56qebrnnxi

Bypassing memory safety mechanisms through speculative control flow hijacks [article]

Andrea Mambretti, Alexandra Sandulescu, Alessandro Sorniotti, William Robertson, Engin Kirda, Anil Kurmus
2021 arXiv   pre-print
The prevalence of memory corruption bugs in the past decades resulted in numerous defenses, such as stack canaries, control flow integrity (CFI), and memory safe languages.  ...  overwrites of control flow data.  ...  This work was partially-supported by National Science Foundation under grant CNS-1703454, and ONR under the "In Situ Malware" project.  ... 
arXiv:2003.05503v3 fatcat:sor4vvhsqvbnbazrttxcin2q7i

Analyzing control flow integrity with LLVM-CFI

Paul Muntean, Matthias Neumayer, Zhiqiang Lin, Gang Tan, Jens Grossklags, Claudia Eckert
2019 Proceedings of the 35th Annual Computer Security Applications Conference on - ACSAC '19  
Control-flow hijacking attacks are used to perform malicious com-putations.  ...  CFI has proven to be one of the most promising pro-tections against control flow hijacking attacks, thus many effortshave been made to improve CFI in various ways.  ...  BACKGROUND Control Flow Integrity.  ... 
doi:10.1145/3359789.3359806 dblp:conf/acsac/MunteanNLTG019 fatcat:pli7gsiey5fmbjkl3jguidareu

Getting in control of your control flow with control-data isolation

William Arthur, Ben Mehne, Reetuparna Das, Todd Austin
2015 2015 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)  
Many control-flow attacks persist because the root of the problem remains: runtime data is allowed to enter the program counter. In this paper, we propose a novel approach: Control-Data Isolation.  ...  While previous work relies on CFG edge checking and labeling, these techniques remain vulnerable to attacks such as heap spray, read, or GOT attacks and in some cases suffer high overheads.  ...  This work was supported in part by C-FAR, one of the six SRC STARnet Centers, sponsored by MARCO and DARPA.  ... 
doi:10.1109/cgo.2015.7054189 dblp:conf/cgo/ArthurMDA15 fatcat:i3bdjfm7mffvlpeg5o222jrmyy

Control Jujutsu

Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, Stelios Sidiroglou-Douskos
2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15  
Control flow integrity (CFI) has been proposed as an approach to defend against control-hijacking memory corruption attacks.  ...  We show that many popular code bases such as Apache and Nginx use coding practices that create flexibility in their intended control flow graph (CFG) even when a strong static analyzer is used to construct  ...  We show that preventing Control Jujutsu by using more precise pointer analysis algorithms is difficult for real-world applications.  ... 
doi:10.1145/2810103.2813646 dblp:conf/ccs/EvansLOSROS15 fatcat:hdc7wwdbgvaklm36xfr7aouhba

Control-Flow Integrity: Attacks and Protections

Sarwar Sayeed, Hector Marco-Gisbert, Ismael Ripoll, Miriam Birch
2019 Applied Sciences  
Consequently, control-flow integrity has received significant attention in the research community, and software developers to combat control code execution attacks in the presence of type of faults.  ...  Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by  ...  Enforcing Forward-Edge CFI in GCC & LLVM (IFCC) Forward-Edge CFI is a fine-grained enforcement CFI implementation which involves analysis for GCC and LLVM compiler to meet particular CFI requirements.  ... 
doi:10.3390/app9204229 fatcat:u5gsvzq6vfa7bah6zfl3ktxsza

Efficient Context-Sensitive CFI Enforcement Through a Hardware Monitor [chapter]

Sadullah Canakci, Leila Delshadtehrani, Boyou Zhou, Ajay Joshi, Manuel Egele
2020 Lecture Notes in Computer Science  
Recent works on Control-Flow Integrity (CFI) have mainly focused on Context-Sensitive CFI policies to provide higher security guarantees.  ...  In fact, dedicating one or more cores for CFI enforcement reduces the number of available cores for running user programs.  ...  This work was supported in part by NSF SaTC Award 1916393 and Google Faculty Research Award.  ... 
doi:10.1007/978-3-030-52683-2_13 fatcat:crosy7jk3rczhev5tfj4sb4cx4

Tightly Seal Your Sensitive Pointers with PACTight [article]

Mohannad Ismail, Andrew Quach, Christopher Jelesnianski, Yeongjin Jang, Changwoo Min
2022 arXiv   pre-print
ARM is becoming more popular in desktops and data centers, opening a new realm in terms of security attacks against ARM.  ...  ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity with cryptographic primitives.  ...  Acknowledgment This work is supported in part by the U.S. Office of Naval Research under grants N00014-18-1-2022, the U.S.  ... 
arXiv:2203.15121v1 fatcat:wnnpvhwiljezvclr2g2uwv5grq

On the Effectiveness of Type-based Control Flow Integrity [article]

Reza Mirzazade Farkhani, Saman Jafari, Sajjad Arshad, William Robertson, Engin Kirda, Hamed Okhravi
2020 arXiv   pre-print
Control flow integrity (CFI) has received significant attention in the community to combat control hijacking attacks in the presence of memory corruption vulnerabilities.  ...  RTC-based CFI has been implemented in a number of recent practical efforts such as GRSecurity Reuse Attack Protector (RAP) and LLVM-CFI.  ...  In RTC, for forward edge protection, the type of function pointer and the target are checked at each forward edge control transfer.  ... 
arXiv:1810.10649v2 fatcat:tuaudgletvcahe5txlpdpstei4

Fine-CFI: Fine-Grained Control-Flow Integrity for Operating System Kernels

Jinku Li, Xiaomeng Tong, Fengwei Zhang, Jianfeng Ma
2018 IEEE Transactions on Information Forensics and Security  
In this paper, we present FINE-CFI, a system that enforces fine-grained control-flow integrity for operating system kernels.  ...  To prevent attacks, Control-Flow Integrity (CFI) has been proposed to ensure that any control transfer during program's execution never deviates from its Control-Flow Graph (CFG).  ...  In this work, we present FINE-CFI, which enforces finegrained control-flow integrity for operating system kernels.  ... 
doi:10.1109/tifs.2018.2797932 fatcat:2r2xdz7pybb6fbbfumo6upukfm

Finding and understanding bugs in C compilers

Xuejun Yang, Yang Chen, Eric Eide, John Regehr
2012 SIGPLAN notices  
In this paper we present our compiler-testing tool and the results of our bug-hunting study. Our first contribution is to advance the state of the art in compiler testing.  ...  Our second contribution is a collection of qualitative and quantitative results about the bugs we have found in open-source C compilers.  ...  We also thank Hans Boehm, Xavier Leroy, Michael Norrish, Bryan Turner, and the GCC and LLVM development teams for their technical assistance in various aspects of our work.  ... 
doi:10.1145/2345156.1993532 fatcat:q7hkw5rnpjhh7kf7sxzrqpgwou
« Previous Showing results 1 — 15 out of 228 results