Fine-Grained Control-Flow Integrity Through Binary Hardening
Authors
Abstract
Applications written in low-level languages without type or memory safety are prone to memory corruption. Attackers gain code execution capabilities through memory corruption despite all currently deployed defenses. Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations. We present Lockdown, a modular, fine-grained CFI policy that protects binary-only applications and libraries without requiring source code. Lockdown adaptively discovers the control-flow graph of a running process based on the executed code. The sandbox component of Lockdown restricts interactions between different shared objects to imported and exported functions by enforcing fine-grained CFI checks using information from a trusted dynamic loader. A shadow stack enforces precise integrity for function returns. Our prototype implementation shows that Lockdown results in low performance overhead, and a security analysis discusses any remaining gadgets.
Similar references
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
Control-Flow Integrity (CFI) is a defense which prevents control-flow hijacking attacks. While recent research has shown that coarse-grained CFI does not stop attacks, fine-grained CFI is believed to be secure. We argue that assessing the effectiveness of practical CFI implementations is non-trivial and that common evaluation metrics fail to do so. We then evaluate fully-precise static CFI — the...
Lockdown: Dynamic Control-Flow Integrity
Applications written in low-level languages without type or memory safety are especially prone to memory corruption. Attackers gain code execution capabilities through such applications despite all currently deployed defenses by exploiting memory corruption vulnerabilities. Control-Flow Integrity (CFI) is a promising defense mechanism that restricts open control-flow transfers to a static set o...
Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection
Return-oriented programming (ROP) offers a robust attack technique that has, not surprisingly, been extensively used to exploit bugs in modern software programs (e.g., web browsers and PDF readers). ROP attacks require no code injection, and have already been shown to be powerful enough to bypass fine-grained memory randomization (ASLR) defenses. To counter this ingenious attack strategy, sever...
Opaque Control-Flow Integrity
A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is presented, which is the first to efficiently resist code-reuse attacks launched by informed adversaries who possess full knowledge of the in-memory code layout of victim programs. The defense mitigates a recent wave of implementation disclosure attacks, by which adversaries can exfiltrate in-memory code det...
Processing of Fine-Grained DP300/600 Dual Phase Steel from St12 Structural Steel by the Thermo-Mechanical Processing of Cold Rolling and Intercritical Annealing
The effect of microstructural refinement and intercritical annealing on the mechanical properties and work-hardening response of a low carbon St12 steel was studied. It was revealed that intercritical annealing of the ferritic-pearlitic sheet results in the formation of a coarse-grained DP microstructure with discrete martensite islands normally formed in place of pearlitic colonies, which resu...