Abstract
Memory error vulnerabilities are still widely exploited by attackers despite the various protections developed. Attackers have adopted new strategies to successfully exploit well-known memory errors, bypassing mature protection techniques such as NX, SSP, and ASLR. These attacks hijack the execution flow to gain control over the target.
Control-flow Integrity (CFI) is a protection technique that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running program cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques including code reuse attacks, return-to-user, return-to-libc and replay attacks.
Surveys are conducted to classify those 14 CFI techniques based on the security robustness and implementation feasibility. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. Moreover, we show that the overhead and implementation requirement make some CFI techniques impractical.
We conclude that the effort required to have those techniques in real systems, the high overhead, and also the partial attack coverage is discouraging the industry from adopting CFI protections.
Field | Value
---|---
Original language | English
Title of host publication | ICT Systems Security and Privacy Protection
Subtitle of host publication | 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings
Editors | Gurpreet Dhillon, Fredrik Karlsson, Karin Hedström, André Zúquete
Publisher | Springer International Publishing AG
Pages | 331-344
Number of pages | 14
ISBN (Electronic) | 9783030223120
ISBN (Print) | 9783030223113
DOIs |
Publication status | E-pub ahead of print - 5 Jun 2019
Event | ICT Systems Security and Privacy Protection - Lisbon, Portugal; Duration: 25 Jun 2019 → 27 Jun 2019; https://www.ifipsec.org/2019/
Publication series
Field | Value
---|---
Name | IFIP Advances in Information and Communication Technology
Publisher | Springer Nature
Volume | 562
ISSN (Electronic) | 1868-4238
Conference
Field | Value
---|---
Conference | ICT Systems Security and Privacy Protection
Abbreviated title | IFIP SEC
Country/Territory | Portugal
City | Lisbon
Period | 25/06/19 → 27/06/19
Internet address |
Keywords
- CFI Protection Techniques
- CFI attacks