Abstract
With the development of research on noncontrol data attacks and defense, the threat of data-oriented programming (DOP) attacks has attracted increasing attention from the security research community. DOP attacks can manipulate security-critical noncontrol data to alter program behavior without violating control-flow integrity (CFI) and can circumvent the most effective defenses against control-data attacks. Among DOP attacks, the misuse of user input data is a major contributor. Moreover, existing defense methods, e.g., DOPdefender, currently lack security protection for user input data. To effectively defend against DOP attacks, we propose a novel technique, DOPdefenderPlus, which draws on the idea of divide-and-conquer and uses the modular authentication technique to make DOPdefender scalable for complex software that is designed modularly, as well as introduce the Inputguard technique to protect the program input data. The DOPdefenderPlus is an enhanced version of DOPdefender, which overcomes some limitations of DOPdefender. We implement DOPdefenderPlus on a Linux operating system and use it to defend against multiple realistic DOP attacks. We also evaluate the performance of our method, and all the results show that DOPdefenderPlus can overcome the two limitations of DOPdefender while introducing a moderate runtime overhead.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
