Poster: control-flow integrity for smartphones

Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security Pub Date : 2011-10-17 DOI:10.1145/2046707.2093484

Lucas Davi, A. Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, R. Hund, S. Nürnberger, A. Sadeghi

{"title":"Poster: control-flow integrity for smartphones","authors":"Lucas Davi, A. Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, R. Hund, S. Nürnberger, A. Sadeghi","doi":"10.1145/2046707.2093484","DOIUrl":null,"url":null,"abstract":"Despite extensive research over the last two decades, runtime attacks on software are still prevalent. Recently, smartphones, of which millions are in use today, have become an attractive target for adversaries. However, existing solutions are either ad-hoc or limited in their effectiveness. In this poster, we present a general countermeasure against runtime attacks on smartphone platforms. Our approach makes use of control-flow integrity (CFI), and tackles unique challenges of the ARM architecture and smartphone platforms. Our framework and implementation is efficient, since it requires no access to source code, performs CFI enforcement on-the-fly during runtime, and is compatible to memory randomization and code signing/encryption. We chose Apple iPhone for our reference implementation, because it has become an attractive target for runtime attacks. Our performance evaluation on a real iOS device demonstrates that our implementation does not induce any notable overhead when applied to popular iOS applications.","PeriodicalId":72687,"journal":{"name":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","volume":"6 1","pages":"749-752"},"PeriodicalIF":0.0000,"publicationDate":"2011-10-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2046707.2093484","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 4

Abstract

Despite extensive research over the last two decades, runtime attacks on software are still prevalent. Recently, smartphones, of which millions are in use today, have become an attractive target for adversaries. However, existing solutions are either ad-hoc or limited in their effectiveness. In this poster, we present a general countermeasure against runtime attacks on smartphone platforms. Our approach makes use of control-flow integrity (CFI), and tackles unique challenges of the ARM architecture and smartphone platforms. Our framework and implementation is efficient, since it requires no access to source code, performs CFI enforcement on-the-fly during runtime, and is compatible to memory randomization and code signing/encryption. We chose Apple iPhone for our reference implementation, because it has become an attractive target for runtime attacks. Our performance evaluation on a real iOS device demonstrates that our implementation does not induce any notable overhead when applied to popular iOS applications.

查看原文本刊更多论文

海报:智能手机的控制流完整性

尽管在过去的二十年里进行了广泛的研究，但对软件的运行时攻击仍然很普遍。最近，智能手机(如今有数百万人在使用)已成为对手的一个有吸引力的目标。然而，现有的解决方案要么是临时的，要么有效性有限。在这张海报中，我们提出了针对智能手机平台运行时攻击的一般对策。我们的方法利用了控制流完整性(CFI)，并解决了ARM架构和智能手机平台的独特挑战。我们的框架和实现是高效的，因为它不需要访问源代码，在运行时动态执行CFI强制，并且与内存随机化和代码签名/加密兼容。我们选择Apple iPhone作为参考实现，因为它已经成为运行时攻击的一个有吸引力的目标。我们在真实iOS设备上的性能评估表明，当应用于流行的iOS应用程序时，我们的实现不会引起任何显著的开销。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Conference on Computer and Communications Security : proceedings of the ... conference on computer and communications security. ACM Conference on Computer and Communications Security

CiteScore

9.20

自引率

0.00%

发文量