Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection

Authors

  • Lucas Davi
  • Ahmad-Reza Sadeghi
  • Daniel Lehmann
  • Fabian Monrose
Abstract

Return-oriented programming (ROP) offers a robust attack technique that has, not surprisingly, been extensively used to exploit bugs in modern software programs (e.g., web browsers and PDF readers). ROP attacks require no code injection, and have already been shown to be powerful enough to bypass fine-grained memory randomization (ASLR) defenses. To counter this ingenious attack strategy, several proposals for enforcement of (coarse-grained) control-flow integrity (CFI) have emerged. The key argument put forth by these works is that coarse-grained CFI policies are sufficient to prevent ROP attacks. As this reasoning has gained traction, ideas put forth in these proposals have even been incorporated into coarse-grained CFI defenses in widely adopted tools (e.g., Microsoft’s EMET framework). In this paper, we provide the first comprehensive security analysis of various CFI solutions (covering kBouncer, ROPecker, CFI for COTS binaries, ROPGuard, and Microsoft EMET 4.1). A key contribution is in demonstrating that these techniques can be effectively undermined, even under weak adversarial assumptions. More specifically, we show that with bare minimum assumptions, Turing-complete and real-world ROP attacks can still be launched even when the strictest of enforcement policies is in use. To do so, we introduce several new ROP attack primitives, and demonstrate the practicality of our approach by transforming existing real-world exploits into more stealthy attacks that bypass coarse-grained CFI defenses.


Similar sources

Automated Multi-architectural Discovery of CFI-Resistant Code Gadgets

Memory corruption vulnerabilities are still a severe threat for software systems. To thwart the exploitation of such vulnerabilities, many different kinds of defenses have been proposed in the past. Most prominently, Control-Flow Integrity (CFI) has received a lot of attention recently. Several proposals were published that apply coarse-grained policies with a low performance overhead. However,...


An experimental study on hydraulic behavior of free-surface radial flow in coarse-grained porous media

The equations of fluids in porous media are very useful in designing rockfill and diversion dams, gabions, breakwaters and groundwater reserves. Research has shown that the Forchheimer equation is not sufficient for the analysis of the hydraulic behavior of free-surface radial flows, because in these flows, in addition to the hydraulic gradient and velocity, the variable of radius is...


Opaque Control-Flow Integrity

A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is presented, which is the first to efficiently resist code-reuse attacks launched by informed adversaries who possess full knowledge of the in-memory code layout of victim programs. The defense mitigates a recent wave of implementation disclosure attacks, by which adversaries can exfiltrate in-memory code det...


Fine-Grained Control-Flow Integrity Through Binary Hardening

Applications written in low-level languages without type or memory safety are prone to memory corruption. Attackers gain code execution capabilities through memory corruption despite all currently deployed defenses. Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations. We present Lockdown, a modular,...


Home appliances energy management based on the IoT system

The idea of the Internet of Things (IoT) has turned out to be increasingly prominent in the cutting-edge period of innovation than at any other time. From little family unit gadgets to extensive modern machines, the vision of IoT has made it conceivable to interface the gadgets with the physical world around them. This expanding prominence has likewise made the IoT gadgets and ap...


Publication date: 2014