Paper: Opaque Control-Flow Integrity

Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is presented, which is the first to efficiently resist code-reuse attacks launched by informed adversaries who possess full knowledge of the in-memory code layout of victim programs. The defense mitigates a recent wave of implementation disclosure attacks, by which adversaries can exfiltrate in-memory code details in order to prepare code-reuse attacks (e.g., Return-Oriented Programming (ROP) attacks) that bypass fine-grained randomization defenses. Such implementation-aware attacks defeat traditional fine-grained randomization by undermining its assumption that the randomized locations of abusable code gadgets remain secret.

Opaque CFI (O-CFI) overcomes this weakness through a novel combination of fine-grained code randomization and coarse-grained control-flow integrity checking. It conceals the graph of hijackable control-flow edges even from attackers who can view the complete stack, heap, and binary code of the victim process. For maximal efficiency, the integrity checks are implemented using instructions that will soon be hardware-accelerated on commodity x86-x64 processors. The approach is highly practical since it does not require a modified compiler and can protect legacy binaries without access to source code. Experiments using our fully functional prototype implementation show that O-CFI provides significant probabilistic protection against ROP attacks launched by adversaries with complete code layout knowledge, and exhibits only 4.7% mean performance overhead on current hardware (with further overhead reductions to follow on forthcoming Intel processors).

More here: http://www.utdallas.edu/~hamlen/mohan15ndss.pdf
