Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Secure Execution via Program Shepherding
Proceedings of the 11th USENIX Security Symposium
IRM Enforcement of Java Stack Inspection
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Beyond Stack Smashing: Recent Advances in Exploiting Buffer Overruns
IEEE Security and Privacy
On the effectiveness of address-space randomization
Proceedings of the 11th ACM conference on Computer and communications security
Efficient Intrusion Detection using Automaton Inlining
SP '05 Proceedings of the 2005 IEEE Symposium on Security and Privacy
Proceedings of the 12th ACM conference on Computer and communications security
PointguardTM: protecting pointers from buffer overflow vulnerabilities
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Lurking in the Shadows: Identifying Systemic Threats to Kernel Data
SP '07 Proceedings of the 2007 IEEE Symposium on Security and Privacy
XFI: software guards for system address spaces
OSDI '06 Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation - Volume 7
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Preventing Memory Error Exploits with WIT
SP '08 Proceedings of the 2008 IEEE Symposium on Security and Privacy
Native Client: A Sandbox for Portable, Untrusted x86 Native Code
SP '09 Proceedings of the 2009 30th IEEE Symposium on Security and Privacy
HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Combining control-flow integrity and static analysis for efficient and validated data sandboxing
Proceedings of the 18th ACM conference on Computer and communications security
Return-Oriented Programming: Systems, Languages, and Applications
ACM Transactions on Information and System Security (TISSEC) - Special Issue on Computer and Communications Security
Generalized vulnerability extrapolation using abstract syntax trees
Proceedings of the 28th Annual Computer Security Applications Conference
Control flow integrity for COTS binaries
SEC'13 Proceedings of the 22nd USENIX conference on Security
Strato: a retargetable framework for low-level inlined-reference monitors
SEC'13 Proceedings of the 22nd USENIX conference on Security
| Hi-index | 0.00 |
Runtime attacks that exploit software vulnerabilities are still an important concern nowadays. Even smartphone operating systems such as Apple's iOS are affected by such attacks since the system is implemented in Objective-C, a programming language that enables attacks such as buffer overflows. As a generic protection technique against a whole class of attacks, control-flow integrity (CFI) offers some interesting properties. Recent work demonstrated that CFI can be implemented on iOS by patching the binary during the loading process and adding an instrumentation layer that enforces CFI during runtime. However, this approach is of little practical value since it requires a jailbroken device, which hinders wide employment. Furthermore, binary patching has a certain performance impact. In this paper, we show how CFI can be implemented directly within a compiler, making the approach widely deployable on all kinds of iOS devices. We extend the LLVM compiler and add our CFI enforcement approach during the compilation phase of a given app. An empirical evaluation shows that the size and performance overhead is reasonable.