RAD: A Compile-Time Solution to Buffer Overflow Attacks
ICDCS '01 Proceedings of the The 21st International Conference on Distributed Computing Systems
Proceedings of the 12th ACM conference on Computer and communications security
The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86)
Proceedings of the 14th ACM conference on Computer and communications security
Return-oriented rootkits: bypassing kernel code integrity protection mechanisms
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Return-oriented programming without returns
Proceedings of the 17th ACM conference on Computer and communications security
| Hi-index | 0.00 |
Despite extensive research over the last two decades, runtime attacks on software are still prevalent. Recently, smartphones, of which millions are in use today, have become an attractive target for adversaries. However, existing solutions are either ad-hoc or limited in their effectiveness. In this poster, we present a general countermeasure against runtime attacks on smartphone platforms. Our approach makes use of control-flow integrity (CFI), and tackles unique challenges of the ARM architecture and smartphone platforms. Our framework and implementation is efficient, since it requires no access to source code, performs CFI enforcement on-the-fly during runtime, and is compatible to memory randomization and code signing/encryption. We chose Apple iPhone for our reference implementation, because it has become an attractive target for runtime attacks. Our performance evaluation on a real iOS device demonstrates that our implementation does not induce any notable overhead when applied to popular iOS applications.