On the Effectiveness of Control-Flow Integrity Against Modern Attack Techniques

Memory error vulnerabilities are still widely exploited by attackers despite the many protections that have been developed. Attackers have adopted new strategies to exploit well-known memory errors while bypassing mature protection techniques such as NX, SSP, and ASLR. These attacks hijack the execution flow of the target program in order to gain control over it.