More Web Proxy on the site http://driver.im/

research-article

Practical Context-Sensitive CFI

Authors:

Victor van der Veen,

Dennis Andriesse,

Asia Slowinska,

Cristiano GiuffridaAuthors Info & Claims

CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Pages 927 - 940

https://doi.org/10.1145/2810103.2813673

Published: 12 October 2015 Publication History

Abstract

Current Control-Flow Integrity (CFI) implementations track control edges individually, insensitive to the context of preceding edges. Recent work demonstrates that this leaves sufficient leeway for powerful ROP attacks. Context-sensitive CFI, which can provide enhanced security, is widely considered impractical for real-world adoption. Our work shows that Context-sensitive CFI (CCFI) for both the backward and forward edge can be implemented efficiently on commodity hardware. We present PathArmor, a binary-level CCFI implementation which tracks paths to sensitive program states, and defines the set of valid control edges within the state context to yield higher precision than existing CFI implementations. Even with simple context-sensitive policies, PathArmor yields significantly stronger CFI invariants than context-insensitive CFI, with similar performance.

References

[1]

Apache benchmark. http://httpd.apache.org/docs/2.0/programs/ab.html.

[2]

LLVM DSA - Reproduce the Result in PLDI 07 Paper. http://lists.cs.uiuc.edu/pipermail/llvmdev/2015-May/085390.html.

[3]

OpenSSH portable regression tests. http://www.dtucker.net/openssh/regress.

[4]

pyftpdlib. https://code.google.com/p/pyftpdlib.

[5]

SendEmail. http://caspian.dotconf.net/menu/Software/SendEmail.

[6]

M. Abadi, M. Budiu, Ú. Erlingsson, and J. Ligatti. Control-flow integrity. In ACM CCS, 2005.

Digital Library

[7]

M. Abadi, M. Budiu, Ú. Erlingsson, and J. Ligatti. A theory of secure control-flow. In ICFEM, 2005.

Digital Library

[8]

M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti. Control-flow integrity: Principles, implementations, and applications. ACM TISSEC, 13(1), 2009.

Digital Library

[9]

P. Akritidis, C. Cadar, C. Raiciu, M. Costa, and M. Castro. Preventing memory error exploits with WIT. In IEEE S&P, 2008.

Digital Library

[10]

A. R. Bernat and B. P. Miller. Anywhere, any-time binary instrumentation. In PASTE, 2011.

Digital Library

[11]

S. Bhatkar, R. Sekar, and D. C. DuVarney. Efficient techniques for comprehensive protection from memory error exploits. In USENIX SEC, 2005.

Digital Library

[12]

T. Bletsch, X. Jiang, and V. Freeh. Mitigating code-reuse attacks with control-flow locking. In ACSAC, 2011.

Digital Library

[13]

E. Bosman and H. Bos. Framing signals--A return to portable shellcode. In IEEE S&P, 2014.

Digital Library

[14]

B. Buck and J. K. Hollingsworth. An API for runtime code patching. IJHPCA, 14(4), 2000.

Digital Library

[15]

N. Carlini, A. Barresi, M. Payer, D. Wagner, and T. R. Gross. Control-flow bending: On the effectiveness of control-flow integrity. In USENIX SEC, 2015.

Digital Library

[16]

N. Carlini and D. Wagner. ROP is still dangerous: Breaking modern defenses. In USENIX SEC, 2014.

Digital Library

[17]

S. Checkoway, L. Davi, A. Dmitrienko, A.-R. Sadeghi, H. Shacham, and M. Winandy. Return-oriented programming without returns. In ACM CCS, 2010.

Digital Library

[18]

X. Chen, A. Slowinska, D. Andriesse, H. Bos, and C. Giuffrida. StackArmor: Comprehensive protection from stack-based memory error vulnerabilities for binaries. In NDSS, 2015.

[19]

Y. Cheng, Z. Zhou, M. Yu, X. Ding, and R. Deng. ROPecker: A generic and practical approach for defending against ROP attacks. In NDSS, 2014.

[20]

T.-C. Chiueh and F.-H. Hsu. RAD: A compile-time solution to buffer overflow attacks. In ICDCS, 2001.

Digital Library

[21]

M. L. Corliss, E. C. Lewis, and A. Roth. Using DISE to protect return addresses from attack. In ASSAV, 2004.

[22]

J. Criswell, N. Dautenhahn, and V. Adve. KCoFI: Complete control-flow integrity for commodity operating system kernels. In IEEE S&P, 2014.

Digital Library

[23]

T. H. Dang, P. Maniatis, and D. Wagner. The performance cost of shadow stacks and stack canaries. In ASIACCS, 2015.

Digital Library

[24]

L. Davi, A.-R. Sadeghi, D. Lehmann, and F. Monrose. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In USENIX SEC, 2014.

Digital Library

[25]

U. Erlingsson, M. Abadi, M. Vrable, M. Budiu, and G. C. Necula. XFI: Software guards for system address spaces. In OSDI, 2006.

Digital Library

[26]

I. Fratric. Runtime prevention of return-oriented programming attacks, 2012. Technical report.

[27]

E. Göktaş, E. Athanasopoulos, H. Bos, and G. Portokalidis. Out of control: Overcoming control-flow integrity. In IEEE S&P, 2014.

[28]

E. Göktaş, E. Athanasopoulos, M. Polychronakis, H. Bos, and G. Portokalidis. Size does matter: Why using gadget-chain length to prevent code-reuse attacks is hard. In USENIX SEC, 2014.

[29]

V. Kiriansky, D. Bruening, and S. Amarasinghe. Secure execution via program shepherding. In USENIX SEC, 2002.

Digital Library

[30]

S. Krishnamoorthy, M. Hsiao, and L. Lingappan. Tackling the path explosion problem in symbolic execution-driven test generation for programs. In IEEE ATS, 2010.

Digital Library

[31]

V. Kuznetsov, L. Szekeres, M. Payer, G. Candea, R. Sekar, and D. Song. Code-pointer integrity. In OSDI, 2014.

Digital Library

[32]

C. Lattner, A. Lenharth, and V. Adve. Making context-sensitive points-to analysis with heap cloning practical for the real world. In PLDI, pages 278--289, 2007.

Digital Library

[33]

B. Niu and G. Tan. Monitor integrity protection with space efficiency and separate compilation. In ACM CCS, 2013.

Digital Library

[34]

B. Niu and G. Tan. Modular control-flow integrity. In PLDI, 2014.

Digital Library

[35]

B. Niu and G. Tan. RockJIT: Securing just-in-time compilation using modular control-flow integrity. In ACM CCS, 2014.

Digital Library

[36]

V. Pappas, M. Polychronakis, and A. D. Keromytis. Transparent ROP exploit mitigation using indirect branch tracing. In USENIX SEC, 2013.

Digital Library

[37]

M. Payer, A. Barresi, and T. R. Gross. Fine-grained control-flow integrity through binary hardening. In DIMVA, 2015.

Digital Library

[38]

M. Prasad and T. cker Chiueh. A binary rewriting defense against stack-based buffer overflow attacks. In USENIX ATC, 2003.

[39]

B. G. Roth and E. H. Spafford. Implicit buffer overflow protection using memory segregation. In ARES, 2011.

Digital Library

[40]

F. Schuster, T. Tendyck, C. Liebchen, L. Davi, A.-R. Sadeghi, and T. Holz. Counterfeit object-oriented programming. In IEEE S&P, 2015.

[41]

F. Schuster, T. Tendyck, J. Pewny, A. Maaß, M. Steegmanns, M. Contag, and T. Holz. Evaluating the effectiveness of current anti-ROP defenses. In RAID, 2014.

[42]

H. Shacham. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In ACM CCS, 2007.

Digital Library

[43]

S. Sinnadurai, Q. Zhao, and W.-F. Wong. Transparent runtime shadow stack: Protection against malicious return address modifications, 2004. Technical report.

[44]

A. Slowinska, T. Stancescu, and H. Bos. Howard: a dynamic excavator for reverse engineering data structures. In NDSS, 2011.

[45]

K. Z. Snow, L. Davi, A. Dmitrienko, C. Liebchen, F. Monrose, and A.-R. Sadeghi. Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization. In IEEE S&P, May 2013.

Digital Library

[46]

M. L. Soffa, K. R. Walcott, and J. Mars. Exploiting hardware advances for software testing and debugging (nier track). In ICSE, 2011.

Digital Library

[47]

C. Tice, T. Roeder, P. Collingbourne, S. Checkoway, Úlfar Erlingsson, L. Lozano, and G. Pike. Enforcing forward-edge control-flow integrity in GCC and LLVM. In USENIX SEC, 2014.

Digital Library

[48]

D. Wagner and D. Dean. Intrusion detection via static analysis. In IEEE S&P, 2001.

Digital Library

[49]

Z. Wang and X. Jiang. HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In IEEE S&P, 2010.

Digital Library

[50]

Y. Xia, Y. Liu, H. Chen, and B. Zang. CFIMon: Detecting violation of control flow integrity using performance counters. In IEEE DSN, 2012.

[51]

Y. Younan, D. Pozza, F. Piessens, and W. Joosen. Extended protection against stack smashing attacks without performance loss. In ACSAC, 2006.

Digital Library

[52]

B. Zeng, G. Tan, and Ú. Erlingsson. Strato: A retargetable framework for low-level inlined-reference monitors. In USENIX SEC, 2013.

Digital Library

[53]

C. Zhang, T. Wei, Z. Chen, L. Duan, L. Szekeres, S. McCamant, D. Song, and W. Zou. Practical control-flow integrity and randomization for binary executables. In IEEE S&P, 2013.

Digital Library

[54]

M. Zhang, R. Qiao, N. Hasabnis, and R. Sekar. A platform for secure static binary instrumentation. In VEE, 2014.

Digital Library

[55]

M. Zhang and R. Sekar. Control flow integrity forhphantomxxxxCOTS binaries. In USENIX SEC, 2013.

Digital Library

Cited By

Liu DMeng XWang PZhou XXie WWang B(2025)Constructing arbitrary write via puppet objects and delivering gadgets in Linux kernelComputers & Security10.1016/j.cose.2024.104189150(104189)Online publication date: Mar-2025
https://doi.org/10.1016/j.cose.2024.104189
Díez-Franco IBringas PUgarte-Pedrero X(2024)Understanding the Security Landscape of Control-Data and Non-Control-Data Attacks Against IoT Systems2024 9th International Conference on Smart and Sustainable Technologies (SpliTech)10.23919/SpliTech61897.2024.10612517(01-06)Online publication date: 25-Jun-2024
https://doi.org/10.23919/SpliTech61897.2024.10612517
Kasten FZieris PHorsch J(2024)Integrating Static Analyses for High-Precision Control-Flow IntegrityProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678920(419-434)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678920
Show More Cited By

Index Terms

Practical Context-Sensitive CFI
1. Security and privacy
  1. Systems security
    1. Operating systems security

Recommendations

Per-Input Control-Flow Integrity
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Control-Flow Integrity (CFI) is an effective approach to mitigating control-flow hijacking attacks. Conventional CFI techniques statically extract a control-flow graph (CFG) from a program and instrument the program to enforce that CFG. The statically ...
BCI-CFI: A context-sensitive control-flow integrity method based on branch correlation integrity
Abstract Context
As part of the arms race, one emerging attack methodology has been control-hijacking attacks, e.g., return-oriented programming (ROP). Control-flow integrity (CFI) is a generic and effective defense against most control-hijacking attacks. ...
Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks
CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

Adversaries exploit memory corruption vulnerabilities to hijack a program's control flow and gain arbitrary code execution. One promising mitigation, control-flow integrity (CFI), has been the subject of extensive research in the past decade. One of the ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '15: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

October 2015

1750 pages

ISBN:9781450338325

DOI:10.1145/2810103

General Chair:
Indrajit Ray
Colorado State University, USA
,
Program Chairs:
Ninghui Li
Purdue University, USA
,
Christopher Kruegel
University of California, Santa Barbara, USA

Copyright © 2015 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 12 October 2015

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS'15

Sponsor:

SIGSAC

CCS'15: The 22nd ACM Conference on Computer and Communications Security

October 12 - 16, 2015

Colorado, Denver, USA

Acceptance Rates

CCS '15 Paper Acceptance Rate 128 of 660 submissions, 19%;

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

143
Total Citations
View Citations
1,497
Total Downloads

Downloads (Last 12 months)167
Downloads (Last 6 weeks)18

Reflects downloads up to 25 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Liu DMeng XWang PZhou XXie WWang B(2025)Constructing arbitrary write via puppet objects and delivering gadgets in Linux kernelComputers & Security10.1016/j.cose.2024.104189150(104189)Online publication date: Mar-2025
https://doi.org/10.1016/j.cose.2024.104189
Díez-Franco IBringas PUgarte-Pedrero X(2024)Understanding the Security Landscape of Control-Data and Non-Control-Data Attacks Against IoT Systems2024 9th International Conference on Smart and Sustainable Technologies (SpliTech)10.23919/SpliTech61897.2024.10612517(01-06)Online publication date: 25-Jun-2024
https://doi.org/10.23919/SpliTech61897.2024.10612517
Kasten FZieris PHorsch J(2024)Integrating Static Analyses for High-Precision Control-Flow IntegrityProceedings of the 27th International Symposium on Research in Attacks, Intrusions and Defenses10.1145/3678890.3678920(419-434)Online publication date: 30-Sep-2024
https://dl.acm.org/doi/10.1145/3678890.3678920
Peng AFang DGuan LKouwe ELi YWang WSun LZhang Y(2024)Bitmap-Based Security Monitoring for Deeply Embedded SystemsACM Transactions on Software Engineering and Methodology10.1145/367246033:7(1-31)Online publication date: 18-Jun-2024
https://dl.acm.org/doi/10.1145/3672460
Xiang HCheng ZLi JMa JLu KLuo BLiao XXu JKirda ELie D(2024)Boosting Practical Control-Flow Integrity with Complete Field Sensitivity and Origin AwarenessProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670308(4524-4538)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670308
Nguyen HPriyadarshan SSekar RChristakis MPradel M(2024)Scalable, Sound, and Accurate Jump Table AnalysisProceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3650212.3680301(541-552)Online publication date: 11-Sep-2024
https://dl.acm.org/doi/10.1145/3650212.3680301
Ismail MJelesnianski CJang YMin CXiong WTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Enforcing C/C++ Type and Scope at Runtime for Control-Flow and Data-Flow IntegrityProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3620666.3651342(283-300)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620666.3651342
Houy SBartel A(2024)Lessons Learned and Challenges of Deploying Control Flow Integrity in Complex Software: the Case of OpenJDK’s Java Virtual Machine2024 IEEE Secure Development Conference (SecDev)10.1109/SecDev61143.2024.00020(153-165)Online publication date: 7-Oct-2024
https://doi.org/10.1109/SecDev61143.2024.00020
Zhao ZArmanuzzaman MTan XMa Z(2024)Trusted Execution Environments in Embedded and IoT Systems: A CactiLab Perspective2024 International Symposium on Secure and Private Execution Environment Design (SEED)10.1109/SEED61283.2024.00020(96-106)Online publication date: 16-May-2024
https://doi.org/10.1109/SEED61283.2024.00020
Wang YMack CTan XZhang NZhao ZBaruah SWard B(2024)InsectACIDE: Debugger-Based Holistic Asynchronous CFI for Embedded System2024 IEEE 30th Real-Time and Embedded Technology and Applications Symposium (RTAS)10.1109/RTAS61025.2024.00036(360-372)Online publication date: 13-May-2024
https://doi.org/10.1109/RTAS61025.2024.00036
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents