chapter

Code-pointer integrity

Authors:

Dawn SongAuthors Info & Claims

The Continuing Arms Race: Code-Reuse Attacks and Defenses

March 2018

Pages 81 - 116

https://doi.org/10.1145/3129743.3129748

Published: 01 March 2018 Publication History

Get Access

Abstract

In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks that exploit memory corruption errors, including attacks that bypass control-flow integrity mechanisms, such as control-flow bending [Carlini et al. 2015e]. We also describe code-pointer separation (CPS), a relaxation of CPI with better performance properties. CPI and CPS offer substantially better security-to-overhead ratios than the state of the art, and they are practical (CPI and CPS were used to protect a complete FreeBSD system and over 100 packages like apache and postgresql), effective (prevented all attacks in the RIPE benchmark), and efficient: on SPEC CPU2006, CPS averages 1.2% overhead for C and 1.9% for C/C++, while CPI's overhead is 2.9% for C and 8.4% for C/C++.

This chapter is organized as follows: we introduce the motivation and key ideas behind CPI and CPS (Section 4.1), describe related work (Section 4.2), introduce our threat model (Section 4.3), describe CPI and CPS design (Section 4.4), present the formal model of CPI (Section 4.5), describe an implementation of CPI (Section 4.6) and the experimental results (Section 4.7), and then conclude (Section 4.8).

Cited By

View all

Chen PWei JYu ZChen J(2025)Key-area cyberspace mimic defense against data-oriented attacksSecurity and Safety10.1051/sands/20240154(2024015)Online publication date: 30-Jan-2025
https://doi.org/10.1051/sands/2024015
Wei JChen P(2024)DSLR–: A low-overhead data structure layout randomization for defending data-oriented programmingJournal of Computer Security10.3233/JCS-23005332:3(221-246)Online publication date: 17-Jun-2024
https://doi.org/10.3233/JCS-230053
Yadav NVollmer FSadeghi ASmaragdakis GVoulimeneas A(2024)Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era2024 Security for Space Systems (3S)10.23919/3S60530.2024.10592292(1-11)Online publication date: 27-May-2024
https://doi.org/10.23919/3S60530.2024.10592292
Show More Cited By

Code-pointer integrity
1. Security and privacy
  1. Systems security

Recommendations

Control Flow and Code Integrity for COTS binaries: An Effective Defense Against Real-World ROP Attacks
ACSAC '15: Proceedings of the 31st Annual Computer Security Applications Conference

Despite decades of sustained effort, memory corruption attacks continue to be one of the most serious security threats faced today. They are highly sought after by attackers, as they provide ultimate control --- the ability to execute arbitrary low-...
Enforcing Unique Code Target Property for Control-Flow Integrity
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

The goal of control-flow integrity (CFI) is to stop control-hijacking attacks by ensuring that each indirect control-flow transfer (ICT) jumps to its legitimate target. However, existing implementations of CFI have fallen short of this goal because ...
Code-pointer integrity
OSDI'14: Proceedings of the 11th USENIX conference on Operating Systems Design and Implementation

Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. ...

Comments

Information & Contributors

Information

Published In

The Continuing Arms Race: Code-Reuse Attacks and Defenses

March 2018

557 pages

ISBN:9781970001839

DOI:10.1145/3129743

Editors:
Per Larsen
Immunant, Inc.
,
Ahmad-Reza Sadeghi
Technische Universität Darmstadt

Publisher

Association for Computing Machinery and Morgan & Claypool

Publication History

Published: 01 March 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Chapter

Appears in

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

45
Total Citations
View Citations
554
Total Downloads

Downloads (Last 12 months)70
Downloads (Last 6 weeks)11

Reflects downloads up to 02 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Chen PWei JYu ZChen J(2025)Key-area cyberspace mimic defense against data-oriented attacksSecurity and Safety10.1051/sands/20240154(2024015)Online publication date: 30-Jan-2025
https://doi.org/10.1051/sands/2024015
Wei JChen P(2024)DSLR–: A low-overhead data structure layout randomization for defending data-oriented programmingJournal of Computer Security10.3233/JCS-23005332:3(221-246)Online publication date: 17-Jun-2024
https://doi.org/10.3233/JCS-230053
Yadav NVollmer FSadeghi ASmaragdakis GVoulimeneas A(2024)Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era2024 Security for Space Systems (3S)10.23919/3S60530.2024.10592292(1-11)Online publication date: 27-May-2024
https://doi.org/10.23919/3S60530.2024.10592292
Böhme MBodden EBultan TCadar CLiu YScanniello G(2024)Software Security Analysis in 2030 and Beyond: A Research RoadmapACM Transactions on Software Engineering and Methodology10.1145/3708533Online publication date: 19-Dec-2024
https://doi.org/10.1145/3708533
Orthen BBraunsdorf OZieris PHorsch J(2024)SoftBound+CETS RevisitedProceedings of the 17th European Workshop on Systems Security10.1145/3642974.3652285(22-28)Online publication date: 22-Apr-2024
https://dl.acm.org/doi/10.1145/3642974.3652285
Wu TChen LDu GMeng DShi G(2024)UltraVCS: Ultra-Fine-Grained Variable-Based Code Slicing for Automated Vulnerability DetectionIEEE Transactions on Information Forensics and Security10.1109/TIFS.2024.337421919(3986-4000)Online publication date: 2024
https://doi.org/10.1109/TIFS.2024.3374219
Wang YLemieux-Mack CChantem TBaruah SZhang NWard B(2024)Partial Context-Sensitive Pointer Integrity for Real-time Embedded Systems2024 IEEE Real-Time Systems Symposium (RTSS)10.1109/RTSS62706.2024.00042(415-426)Online publication date: 10-Dec-2024
https://doi.org/10.1109/RTSS62706.2024.00042
Huang KPayer MQian ZSampson JTan GJaeger T(2024)Comprehensive Memory Safety Validation: An Alternative Approach to Memory SafetyIEEE Security and Privacy10.1109/MSEC.2024.337994722:4(40-49)Online publication date: 1-Jul-2024
https://dl.acm.org/doi/10.1109/MSEC.2024.3379947
Díez-Franco IUgarte-Pedrero XGarcía-Bringas P(2024)Optimized Data-Flow Integrity for Modern CompilersIEEE Access10.1109/ACCESS.2024.345455112(124171-124182)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3454551
Moghadam VSerra GAromolo FButtazzo GPrinetto P(2024)Memory Integrity Techniques for Memory-Unsafe Languages: A SurveyIEEE Access10.1109/ACCESS.2024.338047812(43201-43221)Online publication date: 2024
https://doi.org/10.1109/ACCESS.2024.3380478
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Chapter

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

Cited By

Recommendations

Control Flow and Code Integrity for COTS binaries: An Effective Defense Against Real-World ROP Attacks

Enforcing Unique Code Target Property for Control-Flow Integrity