Abstract

In Unix-like systems, the Global Offset Table (GOT) overwrite attack is a long-standing control flow hijacking attack. By leveraging the dynamic symbol binding mechanism, the attack overwrites a GOT entry with the attacker's target address and takes over the execution flow at the next library function call. Recently, Full Relro (Relocation Read-only), which makes the GOT section read-only at program startup, has been regarded as the most useful defense against this threat. However, it entails nontrivial loading overhead and is not applicable to libraries. Furthermore, many software packages are currently distributed without Full Relro. As a result, programs are still exposed to the risk of GOT attacks. In this paper, we propose a CFI-based protection scheme against the GOT overwrite attack. Using dynamically bound function symbols as branch identifiers, the scheme secures inter-module function calls through the PLT (Procedure Linkage Table) effectively with little performance overhead. Our LLVM-based implementation and evaluation on binutils-gdb show that the branch protection scheme is difficult to bypass, fast, and compatible with existing library programs.

Highlights

  • Control flow hijacking is the primary goal of software vulnerability attacks

  • In a program with Full Relro applied, the Global Offset Table (GOT) becomes read-only after all library function calls are bound at loading time and GOT modification is blocked at runtime

  • The existing inter-module Control Flow Integrity (CFI) techniques require dynamic table management and dedicated function calls for validation, which causes a lot of performance overhead


Summary

INTRODUCTION

Control flow hijacking is the primary goal of software vulnerability attacks. It takes control of a program by redirecting the program's execution flow to an address of the attacker's choosing. The Global Offset Table (GOT) overwriting attack [1] is a traditional control flow exploitation technique for gaining the privileges of software in a Unix-like system environment. It abuses the dynamic binding mechanism of the Executable and Linkable Format (ELF) program: the GOT attack overwrites a GOT entry with the attacker's branch target address and takes control flow when the corresponding library function is called by the program. In a program with Full Relro applied, the GOT becomes read-only after all library function calls are bound at loading time, and GOT modification is blocked at runtime. The paper proposes a CFI-based protection scheme defending against the GOT overwrite attack.

BACKGROUND
ATTACK MODEL AND ASSUMPTIONS
IMPLEMENTATION
DISCUSSION AND FUTURE WORK
CONCLUSION
