Computer Science, 2017, Vol. 44, Issue 11: 87-90. doi: 10.11896/j.issn.1002-137X.2017.11.013

Improved Method of Context-sensitive Control Flow Integrity Protection

SHEN Qin-tao, ZHANG Li, LUO Lei, MA Jun, YU Jie and WU Qing-bo   

Online: 2018-12-01  Published: 2018-12-01

Abstract: To counter control-flow hijacking, industry relies on control-flow integrity (CFI) protection. Traditional CFI mechanisms that depend on dynamic binary rewriting struggle to reach that goal: they are hard to analyse and implement, and they may also introduce binary-compatibility problems. The recently proposed context-sensitive CFI scheme PathArmor verifies control flow only when a task calls system functions. To strengthen protection, this paper proposes an improved method. It intentionally triggers additional page faults by modifying the protection flags of the target task's pages, relying on the kernel's page-fault mechanism; it then hooks the system's original IDT (Interrupt Descriptor Table) and installs a new do_page_fault function to handle the generated faults. Experiments on typical applications such as nginx, bzip2 and SQLite show that the number of verifications performed on a task increases significantly, so the improved method provides better protection.

Key words: Control-flow integrity, Execution path, Hardware feature, Control-flow protection, Kernel trap
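The page-fault-driven verification the abstract describes, reduced to a user-space analogue (an added example, not code from the paper): mprotect() and a SIGSEGV handler stand in for the modified page protection flags and the hooked do_page_fault, a constructed branch record stands in for the hardware path record, and the edge allow-list, function ids and `run_demo` are all assumptions. Each forced fault becomes a verification point; a real handler would terminate the task on a violation instead of counting it.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>
static const int allowed[][2] = { {0, 1}, {1, 2}, {2, 3} };  /* constructed allow-list: caller id -> callee id */
static volatile int path[16][2], path_len;                   /* constructed stand-in for the LBR path record */
static volatile int checks_done, violations_seen;            /* verification points hit / violations found */
static volatile char *guarded_page; static long page_size;   /* page whose access rights we strip */
void record_branch(int from, int to) {                       /* called at each indirect control transfer */
    if (path_len < 16) { path[path_len][0] = from; path[path_len][1] = to; path_len++; }
}
int verify_path(void) {                                      /* 1 if every recorded edge is allowed */
    for (int i = 0; i < path_len; i++) {
        size_t j, n = sizeof allowed / sizeof allowed[0];
        for (j = 0; j < n && (allowed[j][0] != path[i][0] || allowed[j][1] != path[i][1]); j++) ;
        if (j == n) return 0;                                /* edge not in the allow-list */
    }
    return 1;
}
/* User-space analogue of the replacement do_page_fault: the fault we provoked is the verification
 * point; afterwards access is restored so the faulting instruction simply retries. */
static void fault_handler(int sig, siginfo_t *si, void *ctx) {
    uintptr_t a = (uintptr_t)si->si_addr, base = (uintptr_t)guarded_page; (void)ctx;
    if (a < base || a >= base + (uintptr_t)page_size) { signal(sig, SIG_DFL); return; } /* not ours */
    checks_done++; if (!verify_path()) violations_seen++;    /* a real handler would kill the task */
    path_len = 0;                                            /* next path window starts fresh */
    mprotect((void *)guarded_page, page_size, PROT_READ | PROT_WRITE);
}
int guard_setup(void) {                                      /* map the page, install the handler */
    struct sigaction sa = {0}; page_size = sysconf(_SC_PAGESIZE);
    guarded_page = mmap(NULL, page_size, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (guarded_page == MAP_FAILED) return -1;
    sa.sa_sigaction = fault_handler; sa.sa_flags = SA_SIGINFO; sigemptyset(&sa.sa_mask);
    return sigaction(SIGSEGV, &sa, NULL) | sigaction(SIGBUS, &sa, NULL);
}
int guarded_access(void) {                                   /* strip access, then touch the page */
    if (mprotect((void *)guarded_page, page_size, PROT_NONE) != 0) return -1;
    guarded_page[0] = 1; return 0;                           /* traps into fault_handler, then retries */
}
int run_demo(int inject_bad_edge, int *checks_out) {         /* returns violations detected */
    if (guard_setup() != 0) return -1;
    checks_done = violations_seen = path_len = 0;
    record_branch(0, 1); record_branch(1, 2); guarded_access();      /* point 1: clean path */
    record_branch(2, 3); if (inject_bad_edge) record_branch(3, 0);   /* constructed hijacked edge */
    guarded_access();                                                /* point 2: catches it */
    *checks_out = checks_done; return violations_seen;
}
int main(void) { int c, v = run_demo(1, &c); printf("violations=%d checks=%d\n", v, c); return 0; }
```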
