Hardware-Assisted Fine-Grained Code-Reuse Attack Detection
Publication Type
Conference Proceeding Article
Publication Date
11-2015
Abstract
Code-reuse attacks have become the primary exploitation technique for system compromise despite the recently introduced Data Execution Prevention technique on modern platforms. Unlike code injection attacks, they result in unintended control-flow transfers in victim programs without adding malicious code. This paper proposes a practical scheme named CFIGuard to detect code-reuse attacks on user-space applications. CFIGuard traces every branch execution by leveraging hardware features of commodity processors, and then validates the traces against fine-grained control flow graphs. We have implemented a prototype of CFIGuard on Linux, and the experiments show that it incurs only around 2.9% runtime overhead for a set of typical server applications.
Keywords
Code-reuse attack, Control flow integrity, Indirect branch tracing
Discipline
Computer Sciences | Information Security
Research Areas
Cybersecurity
Publication
Research in Attacks, Intrusions, and Defenses: 18th International Symposium, RAID 2015, Kyoto, Japan, November 2-4, 2015: Proceedings
First Page
66
Last Page
85
ISBN
9783319263618
Identifier
10.1007/978-3-319-26362-5_4
Publisher
Springer Verlag
City or Country
Cham
Citation
YUAN, Pinghai; ZENG, Qingkai; and DING, Xuhua.
Hardware-Assisted Fine-Grained Code-Reuse Attack Detection. (2015). Research in Attacks, Intrusions, and Defenses: 18th International Symposium, RAID 2015, Kyoto, Japan, November 2-4, 2015: Proceedings. 66-85.
Available at: https://ink.library.smu.edu.sg/sis_research/3116
Additional URL
http://dx.doi.org/10.1007/978-3-319-26362-5_4