Data Is Flowing in the Wind: A Review of Data-Flow Integrity Methods to Overcome Non-Control-Data Attacks

  • Conference paper
  • In: International Joint Conference SOCO’16-CISIS’16-ICEUTE’16 (SOCO 2016, CISIS 2016, ICEUTE 2016)

Abstract

Security researchers have focused on developing mitigation and protection mechanisms against code-injection and code-reuse attacks. Modern defences concentrate on protecting the legitimate control flow of a program; nevertheless, they cannot withstand a more subtle type of attack, the non-control-data attack, which follows the legitimate control flow and thus leaves no trace. Data-Flow Integrity (DFI) is a defence mechanism that aims to protect programs against non-control-data attacks. DFI uses static analysis to compute the data-flow graph of a program and then enforces at runtime that the program's data flow follows the legitimate path; otherwise, execution is aborted.

In this paper, we review the state of the techniques to generate non-control-data attacks and present the state of DFI methods.
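An added illustration, not code from the paper: a toy C sketch of the runtime enforcement the abstract describes, where every write records which definition produced it and every sensitive read checks that the last writer is one the data-flow graph allows. The memory layout, definition ids and function names (`dfi_store`, `dfi_check`, `handle_login`) are hypothetical, and the allowed-writer set that static analysis would compute is written by hand.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy memory (constructed): an 8-byte input buffer directly followed by a flag. */
enum { BUF = 0, BUF_LEN = 8, FLAG = 8, MEM_LEN = 9 };
/* One id per writing instruction ("definition") in the program. */
enum { DEF_NONE, DEF_INIT_FLAG, DEF_AUTH_OK, DEF_COPY_INPUT };

static uint8_t mem[MEM_LEN];  /* program data */
static uint8_t rdt[MEM_LEN];  /* id of the last definition that wrote each byte */

/* Instrumented write: do the store and record who did it. */
static void dfi_store(size_t addr, uint8_t v, uint8_t def) {
    mem[addr] = v;
    rdt[addr] = def;
}

/* Instrumented read check: the last writer must be in the allowed set. */
static int dfi_check(size_t addr, const uint8_t *allowed, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (rdt[addr] == allowed[i]) return 1;
    return 0;
}

/* The bug: copies past BUF_LEN (bounded by MEM_LEN only to keep the toy contained). */
static void copy_input(const char *in) {
    for (size_t i = 0; in[i] != '\0' && BUF + i < MEM_LEN; i++)
        dfi_store(BUF + i, (uint8_t)in[i], DEF_COPY_INPUT);
}

/* Returns 1 = granted, 0 = denied, -1 = DFI violation (a real system aborts). */
static int handle_login(const char *input, int password_ok) {
    /* Hand-written stand-in for the static analysis result for reads of FLAG. */
    static const uint8_t flag_defs[] = { DEF_INIT_FLAG, DEF_AUTH_OK };
    memset(rdt, DEF_NONE, sizeof rdt);
    dfi_store(FLAG, 0, DEF_INIT_FLAG);
    copy_input(input);
    if (password_ok) dfi_store(FLAG, 1, DEF_AUTH_OK);
    if (!dfi_check(FLAG, flag_defs, sizeof flag_defs)) return -1;
    return mem[FLAG] ? 1 : 0;
}

int main(void) {
    printf("short input, bad password : %d\n", handle_login("alice", 0));
    printf("short input, good password: %d\n", handle_login("alice", 1));
    printf("9-byte input, bad password: %d\n", handle_login("AAAAAAAAA", 0));
    return 0;
}
```

In the third call the branch taken is the same as in a normal failed login, so a control-flow check sees nothing unusual; only the recorded writer of the flag differs.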

Correspondence to Irene Díez-Franco.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Díez-Franco, I., Santos, I. (2017). Data Is Flowing in the Wind: A Review of Data-Flow Integrity Methods to Overcome Non-Control-Data Attacks. In: Graña, M., López-Guede, J.M., Etxaniz, O., Herrero, Á., Quintián, H., Corchado, E. (eds) International Joint Conference SOCO’16-CISIS’16-ICEUTE’16. SOCO CISIS ICEUTE 2016 2016 2016. Advances in Intelligent Systems and Computing, vol 527. Springer, Cham. https://doi.org/10.1007/978-3-319-47364-2_52

  • DOI: https://doi.org/10.1007/978-3-319-47364-2_52

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-47363-5

  • Online ISBN: 978-3-319-47364-2

  • eBook Packages: Engineering, Engineering (R0)
