Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity

Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity
Author :
Publisher : Springer Nature
Total Pages : 106
Release :
ISBN-10 : 9783030731410
ISBN-13 : 3030731413
Rating : 4/5 (413 Downloads)

Book Synopsis Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity by : Yan Lin

Download or read book Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity written by Yan Lin and published by Springer Nature. This book was released on 2021-04-30 with total page 106 pages. Available in PDF, EPUB and Kindle. Book excerpt: There are three fundamental components in Control-Flow Integrity (CFI) enforcement. The first component is accurately recovering the policy (CFG). Usually, the more precise the policy is, the more security CFI improves, but precise CFG generation was considered hard without the support of source code. The second component is embedding the CFI policy securely. Current CFI enforcement usually inserts checks before indirect branches to consult a read-only table which stores the valid CFG information. However, this kind of read-only table can be overwritten by some kinds of attacks (e.g., the Rowhammer attack and data-oriented programming). The third component is to efficiently enforce the CFI policy. In current approaches CFI checks are always executed whenever there is an indirect control flow transfer. Therefore, it is critical to minimize the performance impact of CFI checks. In this book, we propose novel solutions to handle these three fundamental components. To generate a precise CFI policy without the support of the source code, we systematically study two methods which recover CFI policy based on function signature matching at the binary level and propose our novel rule- and heuristic-based mechanism to more accurately recover function signature. To embed CFI policy securely, we design a novel platform which encodes the policy into the machine instructions directly without relying on consulting any read-only data structure, by making use of the idea of instruction-set randomization. Each basic block is encrypted with a key derived from the CFG. To efficiently enforce CFI policy, we make use of a mature dynamic code optimization platform called DynamoRIO to enforce the policy so that we are only required to do the CFI check when needed.


Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity Related Books

Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity
Language: en
Pages: 106
Authors: Yan Lin
Categories: Computers
Type: BOOK - Published: 2021-04-30 - Publisher: Springer Nature

DOWNLOAD EBOOK

There are three fundamental components in Control-Flow Integrity (CFI) enforcement. The first component is accurately recovering the policy (CFG). Usually, the
Novel Techniques in Recovering, Embedding, and Enforcing Policies for Control-Flow Integrity
Language: en
Pages: 0
Authors: Yan Lin
Categories:
Type: BOOK - Published: 2021 - Publisher:

DOWNLOAD EBOOK

Control-Flow Integrity (CFI) is an attractive security property with which most injected and code-reuse attacks can be defeated, including advanced attacking te
Safety and Security of Cyber-Physical Systems
Language: en
Pages: 559
Authors: Frank J. Furrer
Categories: Computers
Type: BOOK - Published: 2022-07-20 - Publisher: Springer Nature

DOWNLOAD EBOOK

Cyber-physical systems (CPSs) consist of software-controlled computing devices communicating with each other and interacting with the physical world through sen
System Dependability and Analytics
Language: en
Pages: 429
Authors: Long Wang
Categories: Technology & Engineering
Type: BOOK - Published: 2022-07-25 - Publisher: Springer Nature

DOWNLOAD EBOOK

This book comprises chapters authored by experts who are professors and researchers in internationally recognized universities and research institutions. The bo
Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
Language: en
Pages:
Authors: Indrajit Ray
Categories: Computer science
Type: BOOK - Published: 2015-10-12 - Publisher:

DOWNLOAD EBOOK

CCS'15: The 22nd ACM Conference on Computer and Communications Security Oct 12, 2015-Oct 16, 2015 Denver, USA. You can view more information about this proceedi