Abstract
Control-Flow Integrity (CFI) is a popular defense against control-flow hijacking attacks. For Commercial Off-the-Shelf (COTS) binaries, traditional approaches provide only coarse-grained CFI in order to reduce runtime overhead, and are therefore context-insensitive. Because the resulting control-flow graphs (CFGs) are imprecise, they can hardly defend against elaborately designed attacks. We present a fully context-sensitive CFI method (FCCFI), which determines the validity of the current execution path by checking the whole path rather than a single edge or a subset of edges within it. FCCFI gathers control-flow information in an offline phase and, at runtime, tracks execution paths to gather process-tracking information. It then compares the control-flow information with the process-tracking information to check the validity of the control flow. We implement the system and evaluate the security of the implementation. The evaluation results show that FCCFI can defend against most common control-flow hijacking attacks.
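The abstract's central point is the difference between validating a single edge and validating the whole execution path. The following added example (not code from the paper, and not FCCFI's own data structures or tracing mechanism, which the page does not describe) makes that difference concrete: a constructed set of legitimate paths, recorded as if in an offline phase, is flattened into the edge set that a coarse-grained check would keep, and also stored as a prefix tree that a whole-path check consults. A constructed trace whose every transfer is a known edge, but whose order matches no legitimate run, is accepted by the edge check and rejected by the path check. All block names and traces are invented for illustration.

```python
"""Whole-path (context-sensitive) vs. single-edge (context-insensitive) CFI checks.

Added example: block names, paths and traces are constructed for illustration;
they are not taken from the paper and do not reproduce FCCFI's internals.
"""
from typing import Dict, List, Sequence, Set, Tuple

Block = str
Edge = Tuple[Block, Block]

# Offline phase (constructed): legitimate execution paths of a toy program, each
# written as the sequence of basic blocks reached through indirect branches.
VALID_PATHS: List[List[Block]] = [
    ["main", "parse", "handle_ok", "cleanup", "exit"],
    ["main", "parse", "handle_err", "cleanup", "exit"],
    ["main", "auth", "handle_ok", "exit"],
]


def edges_of(paths: Sequence[Sequence[Block]]) -> Set[Edge]:
    """Flatten paths into the edge set a coarse-grained CFG keeps (context is lost)."""
    edges: Set[Edge] = set()
    for path in paths:
        edges.update(zip(path, path[1:]))
    return edges


VALID_EDGES: Set[Edge] = edges_of(VALID_PATHS)


def edge_cfi_ok(trace: Sequence[Block], edges: Set[Edge] = VALID_EDGES) -> bool:
    """Context-insensitive check: every individual transfer must be a known edge."""
    return all(edge in edges for edge in zip(trace, trace[1:]))


class PathTrie:
    """Prefix tree over the valid paths; a runtime trace is checked in O(len(trace))."""

    def __init__(self, paths: Sequence[Sequence[Block]]) -> None:
        self.root: Dict[Block, dict] = {}
        for path in paths:
            node = self.root
            for block in path:
                node = node.setdefault(block, {})

    def first_violation(self, trace: Sequence[Block]) -> int:
        """Index of the first block at which the trace leaves every valid path,
        or -1 if the whole trace is a valid path or a prefix of one."""
        node = self.root
        for i, block in enumerate(trace):
            if block not in node:
                return i
            node = node[block]
        return -1

    def accepts(self, trace: Sequence[Block]) -> bool:
        return self.first_violation(trace) == -1


def classify(trace: Sequence[Block], trie: PathTrie) -> str:
    """Summarise how the two checks treat a trace."""
    edge_ok = edge_cfi_ok(trace)
    path_ok = trie.accepts(trace)
    if edge_ok and path_ok:
        return "accepted by both"
    if edge_ok and not path_ok:
        return "accepted by edge check, rejected by whole-path check"
    return "rejected by both"


# Constructed runtime traces (the "process-tracking information" of the abstract).
BENIGN = ["main", "parse", "handle_ok", "cleanup", "exit"]
# Every transfer below is a known edge, yet no legitimate run follows this order.
STITCHED = ["main", "auth", "handle_ok", "cleanup", "exit"]
BAD_EDGE = ["main", "handle_ok"]

if __name__ == "__main__":
    trie = PathTrie(VALID_PATHS)
    for name, trace in [("benign", BENIGN), ("stitched", STITCHED), ("bad_edge", BAD_EDGE)]:
        print(f"{name:9s}: {classify(trace, trie)}; "
              f"first violation at index {trie.first_violation(trace)}")
```

Two practical caveats follow from the design. The trie accepts any prefix of a valid path, so a trace that is cut short (for example, one collected from a sampling point) is never flagged by itself; a real deployment has to decide when a trace is complete enough to judge. And the whole-path check is only as good as the offline path set: a legitimate path that profiling never observed will be reported as a violation, which is the precision-versus-coverage trade-off that drives the evaluation in the paper.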
Acknowledgement
This work is supported by National Natural Science Foundation of China under grant No.61370106, and by National Key Research & Development (R&D) Plan of China under grant No. 2016YFB0200300.
© 2017 Springer International Publishing AG
Cite this paper
Qiang, W., Huang, Y., Zou, D., Jin, H., Wang, S., Sun, G. (2017). Fully Context-Sensitive CFI for COTS Binaries. In: Pieprzyk, J., Suriadi, S. (eds) Information Security and Privacy. ACISP 2017. Lecture Notes in Computer Science(), vol 10343. Springer, Cham. https://doi.org/10.1007/978-3-319-59870-3_28
DOI: https://doi.org/10.1007/978-3-319-59870-3_28
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59869-7
Online ISBN: 978-3-319-59870-3
eBook Packages: Computer Science, Computer Science (R0)