Abstract

In recent years, non-control data attacks have become a popular topic in the field of network security. These attacks, such as data-oriented programming (DOP), do not aim to circumvent control-flow integrity (CFI) protections; rather, they need only corrupt the security-critical non-control data of the target program. Non-control data attacks have been shown to achieve Turing-complete computation. In this paper, we build a non-control data attack description model and analyse feasible defence strategies. We present a new program behaviour model, the data-aware finite-state automaton (dFSA). Based on the dFSA, we propose DOPdefender, a method of defending against non-control data attacks. DOPdefender monitors the target process and is aware of the security-critical non-control data that are expected to be operated on at runtime, and it thus validates the legality of each operation on the security-critical non-control data. DOPdefender can prevent adversaries from corrupting the security-critical non-control data of the target program and defend against existing non-control data attacks. We evaluate our method on a Linux operating system. An effectiveness test and a performance test indicate the effectiveness of DOPdefender in thwarting non-control data attacks with a 28.4% runtime overhead on average for CPU-intensive programs and a 13.5% runtime overhead on average for I/O-intensive programs. In the Limitations Section, we discuss a solution for making our method scalable to large-scale programs under some guiding information.
