Control Flow and Code Integrity for COTS binaries

Mingwei Zhang, R. Sekar
2015, Proceedings of the 31st Annual Computer Security Applications Conference (ACSAC 2015)
Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its enforcement can defeat most injected-code and existing-code attacks, including those based on Return-Oriented Programming (ROP). Previous implementations of CFI have required compiler support or the presence of relocation or debug information in the binary. In contrast, we present a technique for applying CFI to stripped binaries on x86/Linux. Ours is the first work to apply CFI to complex shared libraries such as glibc. Through experimental evaluation, we demonstrate that our CFI implementation is effective against control-flow hijack attacks and eliminates the vast majority of ROP gadgets. To achieve this result, we have developed robust techniques for disassembly, static analysis, and transformation of large binaries. Our techniques have been tested on over 300MB of binaries (executables and shared libraries).
doi:10.1145/2818000.2818016 dblp:conf/acsac/ZhangS15 fatcat:chj3krubcneurm6dy2727yc2fi