TY - GEN
T1 - τCFI
T2 - 21st International Symposium on Research in Attacks, Intrusions and Defenses, RAID 2018
AU - Muntean, Paul
AU - Fischer, Matthias
AU - Tan, Gang
AU - Lin, Zhiqiang
AU - Grossklags, Jens
AU - Eckert, Claudia
N1 - Funding Information:
Acknowledgement. We thank the anonymous reviewers for their feedback, which helped to considerably improve the quality of this paper. Jens Grossklags’ research is supported by the German Institute for Trust and Safety on the Internet (DIVSI). Gang Tan is supported by US NSF grants CCF-1723571 and CNS-1624126, the Defense Advanced Research Projects Agency (DARPA) under agreement number N6600117C4052, and Office of Naval Research (ONR) under agreement number N00014-17-1-2539. Zhiqiang Lin is partially supported by US NSF grant CNS-1812553 and CNS-1834215, AFOSR award FA9550-14-1-0119, and ONR award N00014-17-1-2995.
Publisher Copyright:
© Springer Nature Switzerland AG 2018.
PY - 2018
Y1 - 2018
N2 - Programs aiming for low runtime overhead and high availability draw on several object-oriented features available in the C/C++ programming language, such as dynamic object dispatch. However, there is an alarmingly high number of object dispatch (i.e., forward-edge) corruption vulnerabilities, which undercut security in significant ways and are in need of a thorough solution. In this paper, we propose τCFI, an extended control flow integrity (CFI) model that uses both the types and numbers of function parameters to enforce forward- and backward-edge control flow transfers. At a high level, it improves the precision of existing forward-edge recognition approaches by considering the type information of function parameters, which are directly extracted from the application binaries. Therefore, τCFI can be used to harden legacy applications for which source code may not be available. We have evaluated τCFI on real-world binaries including Nginx, NodeJS, Lighttpd, MySql and the SPEC CPU2006 benchmark and demonstrate that τCFI is able to effectively protect these applications from forward- and backward-edge corruptions with low runtime overhead. In direct comparison with state-of-the-art tools, τCFI achieves higher forward-edge caller-callee matching precision.
UR - http://www.scopus.com/inward/record.url?scp=85053896531&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85053896531&partnerID=8YFLogxK
U2 - 10.1007/978-3-030-00470-5_20
DO - 10.1007/978-3-030-00470-5_20
M3 - Conference contribution
AN - SCOPUS:85053896531
SN - 9783030004699
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 423
EP - 444
BT - Research in Attacks, Intrusions, and Defenses - 21st International Symposium, RAID 2018, Proceedings
A2 - Bailey, Michael
A2 - Ioannidis, Sotiris
A2 - Stamatogiannakis, Manolis
A2 - Holz, Thorsten
PB - Springer Verlag
Y2 - 10 September 2018 through 12 September 2018
ER -