Mitigating Code-Reuse Attacks with Control-Flow Locking

被引:76
作者
Bletsch, Tyler [1 ]
Jiang, Xuxian [1 ]
Freeh, Vince [1 ]
机构
[1] NC State Univ, Dept Comp Sci, Raleigh, NC 27695 USA
来源
27TH ANNUAL COMPUTER SECURITY APPLICATIONS CONFERENCE (ACSAC 2011) | 2011年
关键词
D O I
10.1145/2076732.2076783
中图分类号
TP301 [理论、方法];
学科分类号
081202 ;
摘要
Codmreuse attacks are software exploits in which an attacker directs control flow through existing code with a malicious result. One such technique, return-oriented programming, is based on "gadgets" (short pre-existing sequences of code ending hi a ret instruction) being executed in arbitrary order as a result of a stack corruption exploit. Many existing code reuse defenses have relied upon a particular attribute of the attack in question (e.g., the frequency of ret instructions in a return-oriented attack), which leads to an incomplete protection, while a smaller number of efforts in protecting all exploitable control flow transfers suffer from limited deploy ability due to high performance overhead. In this paper, we present a novel cost-effective defense technique called control flow locking, which allows for effective enforcement of control flow integrity with a small performance overhead. Specifically, instead of immediately determining whether a control flow violation happens before the control flow transfer takes place, control flow locking lazily detects the violation after the transfer. To still restrict attackers' capability, our scheme guarantees that the deviation of the normal control flow graph will only occur at most once. Further, our scheme ensures that this deviation cannot be used to craft a malicious system call, which denies any potential gains an attacker might obtain from what is permitted in the threat model. We have developed a proof-of-concept prototype in Linux and our evaluation demonstrates desirable effectiveness and competitive performance overhead with existing techniques. In several benchmarks, our scheme is able to achieve significant gains.
引用
收藏
页码:353 / 362
页数:10
相关论文
共 34 条
[1]  
Abadi Martin, 2005, 12 ACM CCS
[2]  
Akritidis Periklis, 2008, 28 IEEE S SEC PRIV M
[3]  
Bhatkar Sandeep., 2003, 12th USENIX Security
[4]  
Bhatkar Sandeep., 2005, 14th USENIX Security
[5]  
Bletsch T., 2011, 6 ASIACCS
[6]  
Buchanan E, 2008, CCS'08: PROCEEDINGS OF THE 15TH ACM CONFERENCE ON COMPUTER AND COMMUNICATIONS SECURITY, P27
[7]  
Castro Miguel, 2009, 22 ACM SOSP
[8]  
Castro Miguel, 2006, 7 USENIX OSDI
[9]  
Checkoway S., 2010, 17 ACM CCS
[10]  
Checkoway S., 2009, EVT WOTE 2009