PointerLock: Protecting Function Pointers with Access Control on Page

Because function pointers are closely related to software control flow and are writable, attackers often target them. To protect function pointers, we propose a novel solution called PointerLock. To keep an attacker from tampering with them, PointerLock restricts write operations on function pointers using page-level access control. PointerLock centralizes the application's function pointers onto a few pages, and these pages are read-only by default. Only when the application wants to modify a pointer does PointerLock make the page that holds the function pointer writable. This reduces the time window for attacking the function pointer. To prevent an attacker from tampering with other function pointers on the same page, PointerLock performs the necessary checks on the page before they are used again. The prototype system of PointerLock was built on Fedora 21 with a 3.17.6 kernel. Two system calls are implemented in kernel space, and six interfaces are developed for users in the form of dynamic link libraries in user space. The tests show that PointerLock is capable of preventing the attacker from tampering with the function pointers, and that it does not introduce excessive performance overhead.
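A user-space illustration of the write-window idea described above, added here as an example; it is not PointerLock's code. It uses the standard mmap/mprotect calls in place of the paper's two custom system calls, and the names plock_init, plock_set, plock_call and SLOTS, as well as the snapshot-and-compare page check, are assumptions.

```c
#define _DEFAULT_SOURCE
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*fn_t)(int);
#define SLOTS 8                 /* hypothetical table size */
static fn_t *table;             /* one page holding all function pointers */
static size_t page_len;

/* Allocate the pointer page; read-only is its default state. */
int plock_init(void) {
    page_len = (size_t)sysconf(_SC_PAGESIZE);
    table = mmap(NULL, page_len, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (table == MAP_FAILED) return -1;
    return mprotect(table, page_len, PROT_READ);
}

/* Update one slot inside a short write window, then relock the page.
 * Returns 0 on success, -1 on error, -2 if another slot changed meanwhile. */
int plock_set(size_t idx, fn_t fn) {
    fn_t before[SLOTS];
    int rc = 0;
    if (idx >= SLOTS) return -1;
    memcpy(before, table, sizeof before);      /* snapshot while still locked */
    if (mprotect(table, page_len, PROT_READ | PROT_WRITE)) return -1;
    table[idx] = fn;
    for (size_t i = 0; i < SLOTS; i++)         /* assumed page check */
        if (i != idx && table[i] != before[i]) {
            table[i] = before[i];              /* undo the foreign write */
            rc = -2;
        }
    if (mprotect(table, page_len, PROT_READ)) return -1;
    return rc;
}

/* Call through a protected slot (the page is only read); fail closed if unset. */
int plock_call(size_t idx, int arg) {
    if (idx >= SLOTS || !table[idx]) abort();
    return table[idx](arg);
}
int twice(int x) { return 2 * x; }             /* constructed sample targets */
int negate(int x) { return -x; }

int main(void) {
    if (plock_init() || plock_set(0, twice) || plock_set(1, negate)) return 1;
    return !(plock_call(0, 21) == 42 && plock_call(1, 5) == -5);
}
```

Any store to the table outside plock_set faults with SIGSEGV, because the page is mapped PROT_READ everywhere else.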