Abstract
Despite intense efforts to prevent programmers from writing code with memory errors, memory corruption vulnerabilities are still a major security threat. Consequently, control-flow integrity has received significant attention from the research community and from software developers as a way to combat code execution attacks that exploit this type of fault. Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques, including code reuse attacks, return-to-user, return-to-libc, and replay attacks. We also classify these techniques based on their security, robustness, and implementation complexity. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. We conclude that the performance overhead introduced, jointly with the partial attack coverage, is discouraging the industry from adopting most of them.
Highlights
Per-Input CFI (PICFI) statically computes the control-flow graph (CFG) to determine the edges that will be added at run time, and implements DEP to defend against code injection
We evaluate whether the Control-flow Integrity (CFI) techniques are bypassable by narrowing our focus to a few attack vectors, namely code-reuse attacks (CRA), code injection, disclosure, ret2usr, ret-to-libc, and replay attacks
Our assessment surveys the security experiments performed by various research groups and puts them together to identify the flaws in particular CFI techniques
Summary
The term CFI is used to refer to any solution that can deter or mitigate the severity of attacks that exploit memory errors by preventing the attacker from taking effective control of the flow of execution (program counter). We consider only control-flow integrity techniques, i.e., methods that try to preserve the flow of execution originally programmed by the developer. These techniques do not remove the vulnerabilities, but they make it harder or even impossible to take advantage of the faults to create exploits. Most CFI techniques force a crash when the attacker tries to abuse the vulnerability; in this way, a remote code execution is converted into a denial of service, which is much less dangerous. The work is completed with a discussion of the results, followed by the conclusions.