Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Proceedings of the 12th ACM conference on Computer and communications security
StackGhost: Hardware facilitated stack protection
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Address obfuscation: an efficient approach to combat a board range of memory error exploits
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Non-control-data attacks are realistic threats
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Efficient techniques for comprehensive protection from memory error exploits
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
XFI: software guards for system address spaces
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
Securing software by enforcing data-flow integrity
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Preventing Memory Error Exploits with WIT
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
When good instructions go bad: generalizing return-oriented programming to RISC
Proceedings of the 15th ACM conference on Computer and communications security
Native Client: a sandbox for portable, untrusted x86 native code
Communications of the ACM - Amir Pnueli: Ahead of His Time
Fast byte-granularity software fault isolation
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
On the difficulty of software-based attestation of embedded devices
Proceedings of the 16th ACM conference on Computer and communications security
Proceedings of the 2009 ACM workshop on Scalable trusted computing
DROP: Detecting Return-Oriented Programming Malicious Code
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Defeating return-oriented rootkits with "Return-Less" kernels
Proceedings of the 5th European conference on Computer systems
EVT/WOTE'09 Proceedings of the 2009 conference on Electronic voting technology/workshop on trustworthy elections
Return-oriented rootkits: bypassing kernel code integrity protection mechanisms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Return-oriented programming without returns
Proceedings of the 17th ACM conference on Computer and communications security
G-Free: defeating return-oriented programming through gadget-less binaries
Proceedings of the 26th Annual Computer Security Applications Conference
Jump-oriented programming: a new class of code-reuse attack
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Jump oriented programming on windows platform (on the x86)
ICCSA'12 Proceedings of the 12th international conference on Computational Science and Its Applications - Volume Part III
Securing untrusted code via compiler-agnostic binary rewriting
Proceedings of the 28th Annual Computer Security Applications Conference
CPM: Masking Code Pointers to Prevent Code Injection Attacks
ACM Transactions on Information and System Security (TISSEC)
Control flow integrity for COTS binaries
SEC'13 Proceedings of the 22nd USENIX conference on Security
Transparent ROP exploit mitigation using indirect branch tracing
SEC'13 Proceedings of the 22nd USENIX conference on Security
A platform for secure static binary instrumentation
Proceedings of the 10th ACM SIGPLAN/SIGOPS international conference on Virtual execution environments
| Hi-index | 0.00 |
Code-reuse attacks are software exploits in which an attacker directs control flow through existing code with a malicious result. One such technique, return-oriented programming, is based on "gadgets" (short pre-existing sequences of code ending in a ret instruction) being executed in arbitrary order as a result of a stack corruption exploit. Many existing codereuse defenses have relied upon a particular attribute of the attack in question (e.g., the frequency of ret instructions in a return-oriented attack), which leads to an incomplete protection, while a smaller number of efforts in protecting all exploitable control flow transfers suffer from limited deploy-ability due to high performance overhead. In this paper, we present a novel cost-effective defense technique called control flow locking, which allows for effective enforcement of control flow integrity with a small performance overhead. Specifically, instead of immediately determining whether a control flow violation happens before the control flow transfer takes place, control flow locking lazily detects the violation after the transfer. To still restrict attackers' capability, our scheme guarantees that the deviation of the normal control flow graph will only occur at most once. Further, our scheme ensures that this deviation cannot be used to craft a malicious system call, which denies any potential gains an attacker might obtain from what is permitted in the threat model. We have developed a proof-of-concept prototype in Linux and our evaluation demonstrates desirable effectiveness and competitive performance overhead with existing techniques. In several benchmarks, our scheme is able to achieve significant gains.