Evaluating Modern Defenses Against Control Flow Hijacking

Abstract

Memory corruption attacks continue to be a major vector of attack for compromising modern systems. Strong defenses such as complete memory safety for legacy languages (C/C++) incur a large overhead, while weaker and practical defenses such as Code Pointer Integrity (CPI) and Control Flow Integrity (CFI) have their weaknesses. In this thesis, we present attacks that expose the fundamental weaknesses of CPI and CFI. CPI promises to balance security and performance by focusing memory safety on code pointers, thus preventing most control-hijacking attacks while maintaining low overhead. CPI protects access to code pointers by storing them in a safe region that is isolated by hardware enforcement on the x86-32 architecture and by information hiding on the x86-64 and ARM architectures. We show that when CPI relies on information hiding, its safe region can be leaked, rendering it ineffective against malicious exploits.

Document Details

Document Type
Technical Report
Publication Date
Sep 01, 2015
Accession Number
AD1034629

Entities

People

  • Ulziibayar Otgonbaatar

Organizations

  • MIT Lincoln Laboratory

Tags

Communities of Interest

  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Accuracy
  • Air Force
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Computing System Architectures
  • Debugging
  • Electrical Engineering
  • Engineering
  • Instrumentation
  • Life Cycles
  • Lists (Data Structures)
  • Operating Systems
  • Software Development
  • Transient Response Analysis
  • United States

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Parallel and Distributed Computing.