Efficient and practical control flow monitoring for program security

Authors:
Nai Xia;Bing Mao;Qingkai Zeng;Li Xie
Affiliations:
State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China;State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China;State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China;State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing, China
Venue:
ASIAN'06 Proceedings of the 11th Asian computing science conference on Advances in computer science: secure software and related issues
Year:
2006

Citing 15
Cited 1

Points-to analysis in almost linear time

POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Which pointer analysis should I use?

Proceedings of the 2000 ACM SIGSOFT international symposium on Software testing and analysis
Secure Execution via Program Shepherding

Proceedings of the 11th USENIX Security Symposium
CIL: Intermediate Language and Tools for Analysis and Transformation of C Programs

CC '02 Proceedings of the 11th International Conference on Compiler Construction
Anomaly Detection Using Call Stack Information

SP '03 Proceedings of the 2003 IEEE Symposium on Security and Privacy
IRM Enforcement of Java Stack Inspection

SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Intrusion Detection via Static Analysis

SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
Countering code-injection attacks with instruction-set randomization

Proceedings of the 10th ACM conference on Computer and communications security
Obfuscation of executable code to improve resistance to static disassembly

Proceedings of the 10th ACM conference on Computer and communications security
On the effectiveness of address-space randomization

Proceedings of the 11th ACM conference on Computer and communications security
Efficient Intrusion Detection using Automaton Inlining

SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Control-flow integrity

Proceedings of the 12th ACM conference on Computer and communications security
Where's the FEEB? the effectiveness of instruction set randomization

SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Proxi-Annotated control flow graphs: deterministic context-sensitive monitoring for intrusion detection

ICDCIT'04 Proceedings of the First international conference on Distributed Computing and Internet Technology

Run-time control flow authentication: an assessment on contemporary x86 platforms

Proceedings of the 28th Annual ACM Symposium on Applied Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

Control-hijacking attacks are known as critical threats to software security. Control flow monitoring is a kind of important method to mitigate this problem. In this paper, we present a new method for program control flow monitoring. Based on the static analysis of a program, we apply very simple instrumentation of a program's source code to encode its runtime function level control flow traces and check the correctness of the traces in the OS kernel. Experiments show that this method has a tiny performance impact and is still highly effective in detecting control-hijacking attacks. We also propose to automatically handle non-standard control flow by learning programs' dynamic profiling data. Our method is hopeful to be enforceable in different environments because it does not depend closely on specific platform features and the underlying techniques can be easily found in many platforms.