On the effectiveness of control-flow integrity against modern attack techniques

Sarwar Sayeed, Hector Marco-Gisbert

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)
315 Downloads (Pure)

Abstract

Memory error vulnerabilities are still widely exploited by attackers despite the various protections developed. Attackers have adopted new strategies to successfully exploit well-known memory errors, bypassing mature protection techniques such as NX, SSP, and ASLR. Those attacks compromise the execution flow to gain control over the target.

Control-flow Integrity (CFI) is a protection technique that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running program cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques including code reuse attacks, return-to-user, return-to-libc and replay attacks.

Surveys are conducted to classify those 14 CFI techniques based on their security robustness and implementation feasibility. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. Moreover, we show that the overhead and implementation requirements make some CFI techniques impractical.

We conclude that the effort required to have those techniques in real systems, the high overhead, and also the partial attack coverage is discouraging the industry from adopting CFI protections.
Original language: English
Title of host publication: ICT Systems Security and Privacy Protection
Subtitle of host publication: 34th IFIP TC 11 International Conference, SEC 2019, Lisbon, Portugal, June 25-27, 2019, Proceedings
Editors: Gurpreet Dhillon, Fredrik Karlsson, Karin Hedström, André Zúquete
Publisher: Springer International Publishing AG
Pages: 331-344
Number of pages: 14
ISBN (Electronic): 9783030223120
ISBN (Print): 9783030223113
DOIs
Publication status: E-pub ahead of print - 5 Jun 2019
Event: ICT Systems Security and Privacy Protection - Lisbon, Portugal
Duration: 25 Jun 2019 to 27 Jun 2019
https://www.ifipsec.org/2019/

Publication series

Name: IFIP Advances in Information and Communication Technology
Publisher: Springer Nature
Volume: 562
ISSN (Electronic): 1868-4238

Conference

Conference: ICT Systems Security and Privacy Protection
Abbreviated title: IFIP SEC
Country/Territory: Portugal
City: Lisbon
Period: 25/06/19 to 27/06/19
Internet address

Keywords

  • CFI Protection Techniques
  • CFI attacks
