Title

Hardware-Assisted Fine-Grained Code-Reuse Attack Detection

Publication Type

Conference Proceeding Article

Publication Date

11-2015

Abstract

Code-reuse attacks have become the primary exploitation technique for system compromise despite of the recently introduced Data Execution Prevention technique in modern platforms. Different from code injection attacks, they result in unintended control-flow transfer to victim programs without adding malicious code. This paper proposes a practical scheme named as CFIGuard to detect code-reuse attacks on user space applications. CFIGuard traces every branch execution by leveraging hardware features of commodity processors, and then validates the traces based on fine-grained control flow graphs. We have implemented a prototype of CFIGuard on Linux and the experiments show that it only incurs around 2.9 % runtime overhead for a set of typical server applications.

Keywords

Code-reuse attack, Control flow integrity, Indirect branch tracing

Discipline

Computer Sciences | Information Security

Research Areas

Cybersecurity

Publication

Research in Attacks, Intrusions, and Defenses: 18th International Symposium, RAID 2015, Kyoto, Japan, November 2-4, 2015: Proceedings

First Page

66

Last Page

85

ISBN

9783319263618

Identifier

10.1007/978-3-319-26362-5_4

Publisher

Springer Verlag

City or Country

Cham

Additional URL

http://dx.doi.org/10.1007/978-3-319-26362-5_4

This document is currently not available here.

Share

COinS