SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks

Proceedings 2019 Network and Distributed System Security Symposium Pub Date : 2014-01-01 DOI:10.14722/NDSS.2014.23287

Dongseok Jang, Zachary Tatlock, Sorin Lerner

{"title":"SafeDispatch: Securing C++ Virtual Calls from Memory Corruption Attacks","authors":"Dongseok Jang, Zachary Tatlock, Sorin Lerner","doi":"10.14722/NDSS.2014.23287","DOIUrl":null,"url":null,"abstract":"Several defenses have increased the cost of traditional, low-level attacks that corrupt control data, e.g. return addresses saved on the stack, to compromise program execution. In response, creative adversaries have begun circumventing these defenses by exploiting programming errors to manipulate pointers to virtual tables, or vtables, of C++ objects. These attacks can hijack program control flow whenever a virtual method of a corrupted object is called, potentially allowing the attacker to gain complete control of the underlying system. In this paper we present SAFEDISPATCH, a novel defense to prevent such vtable hijacking by statically analyzing C++ programs and inserting sufficient runtime checks to ensure that control flow at virtual method call sites cannot be arbitrarily influenced by an attacker. We implemented SAFEDISPATCH as a Clang++/LLVM extension, used our enhanced compiler to build a vtable-safe version of the Google Chromium browser, and measured the performance overhead of our approach on popular browser benchmark suites. By carefully crafting a handful of optimizations, we were able to reduce average runtime overhead to just 2.1%.","PeriodicalId":20444,"journal":{"name":"Proceedings 2019 Network and Distributed System Security Symposium","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2014-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"157","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings 2019 Network and Distributed System Security Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.14722/NDSS.2014.23287","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 157

Abstract

Several defenses have increased the cost of traditional, low-level attacks that corrupt control data, e.g. return addresses saved on the stack, to compromise program execution. In response, creative adversaries have begun circumventing these defenses by exploiting programming errors to manipulate pointers to virtual tables, or vtables, of C++ objects. These attacks can hijack program control flow whenever a virtual method of a corrupted object is called, potentially allowing the attacker to gain complete control of the underlying system. In this paper we present SAFEDISPATCH, a novel defense to prevent such vtable hijacking by statically analyzing C++ programs and inserting sufficient runtime checks to ensure that control flow at virtual method call sites cannot be arbitrarily influenced by an attacker. We implemented SAFEDISPATCH as a Clang++/LLVM extension, used our enhanced compiler to build a vtable-safe version of the Google Chromium browser, and measured the performance overhead of our approach on popular browser benchmark suites. By carefully crafting a handful of optimizations, we were able to reduce average runtime overhead to just 2.1%.

查看原文本刊更多论文

安全调度:保护c++虚拟调用免受内存损坏攻击

一些防御措施增加了传统的低级攻击的成本，这些攻击会破坏控制数据，例如保存在堆栈上的返回地址，从而危及程序的执行。作为回应，有创意的攻击者已经开始利用编程错误来操纵指向c++对象的虚表或虚表的指针，从而绕过这些防御。这些攻击可以在调用损坏对象的虚拟方法时劫持程序控制流，从而可能使攻击者获得对底层系统的完全控制。在本文中，我们提出了SAFEDISPATCH，这是一种新的防御方法，通过静态分析c++程序和插入足够的运行时检查来防止虚函数表劫持，以确保虚拟方法调用站点的控制流不会受到攻击者的任意影响。我们将SAFEDISPATCH实现为clang++ /LLVM扩展，使用我们增强的编译器构建一个vtable安全版本的Google Chromium浏览器，并在流行的浏览器基准套件上测量我们的方法的性能开销。通过精心制作一些优化，我们能够将平均运行时开销降低到2.1%。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Proceedings 2019 Network and Distributed System Security Symposium

自引率

0.00%

发文量