Breaking active-set backward-edge CFI
Authors: M. Theodorides, D. Wagner
Venue: 2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Published: 2017-05-01
DOI: 10.1109/HST.2017.7951803 (https://doi.org/10.1109/HST.2017.7951803)
Hardware-Assisted Flow Integrity extension (HAFIX) was proposed as a defense against code-reuse attacks that exploit backward edges (returns). HAFIX provides fine-grained protection by confining return addresses to target only call sites in functions that are active on the call stack. We study whether the backward-edge policy in HAFIX is sufficient to prevent code-reuse exploits on real-world programs. In this paper, we present three general attacks that exploit weaknesses in HAFIX and demonstrate that these attacks are effective in case studies examining the Nginx web server, the Exim mail server, and PHP. We then propose improvements to HAFIX that we believe will improve its effectiveness against code-reuse attacks.
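The abstract's one-sentence description of the policy (a return may target only a call site inside a function that is currently active on the call stack) is enough to model it. The following C program is an added illustration, not code from the paper or from the HAFIX implementation: it models the active-set rule with per-function activation counters next to a conventional shadow stack, runs a constructed call chain main -> parse -> read_field, and then asks both checks whether read_field may return to various addresses. The function names, the four-function layout and all addresses in the call-site table are invented for the example; the assumption that the returning function is deactivated before the target is checked is a simplification of the real hardware. The program shows the slack the active-set policy leaves relative to exact return-address matching, without claiming to reproduce any of the paper's three attacks.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Simplified model (an assumption, not HAFIX's real hardware) of the
 * active-set backward-edge policy: a return may only land on a call site
 * inside a function that is currently active on the call stack.  A shadow
 * stack that stores the exact return address is modelled alongside it.
 */

#define NFUNCS 4      /* 0=main, 1=parse, 2=read_field, 3=log (constructed) */
#define MAX_DEPTH 64

typedef struct { int func; uintptr_t addr; } CallSite;

/* Constructed call-site table: return address -> function that contains it.
   Addresses are invented for the illustration. */
static const CallSite CALLSITES[] = {
    {0, 0x1010}, /* in main:       after call to parse      */
    {0, 0x1020}, /* in main:       after call to log        */
    {1, 0x2010}, /* in parse:      after call to read_field */
    {1, 0x2020}, /* in parse:      after call to log        */
    {2, 0x3010}, /* in read_field: after call to a helper   */
    {3, 0x4010}, /* in log:        after call to write      */
};
#define NCALLSITES (sizeof CALLSITES / sizeof CALLSITES[0])

typedef struct {
    int active[NFUNCS];           /* per-function activation counters (counters, so recursion works) */
    uintptr_t shadow[MAX_DEPTH];  /* exact saved return addresses, for the shadow-stack comparison */
    int depth;
} Machine;

/* Which function owns this call site, or -1 if the address is not a call site at all */
static int func_of_callsite(uintptr_t addr) {
    for (size_t i = 0; i < NCALLSITES; i++)
        if (CALLSITES[i].addr == addr) return CALLSITES[i].func;
    return -1;
}

static void machine_init(Machine *m) {
    memset(m, 0, sizeof *m);
    m->active[0] = 1;            /* main is active from the start */
}

/* call: the callee becomes active and the precise return address is saved */
static bool do_call(Machine *m, int callee, uintptr_t retaddr) {
    if (callee < 0 || callee >= NFUNCS || m->depth >= MAX_DEPTH) return false;
    if (func_of_callsite(retaddr) < 0) return false;
    m->active[callee]++;
    m->shadow[m->depth++] = retaddr;
    return true;
}

/* Active-set check: the returning function is deactivated first (assumed
   ordering), then the target must be a call site in a still-active function. */
static bool hafix_ret(Machine *m, int returning, uintptr_t target) {
    if (returning < 0 || returning >= NFUNCS || m->active[returning] == 0) return false;
    m->active[returning]--;
    int owner = func_of_callsite(target);
    return owner >= 0 && m->active[owner] > 0;
}

/* Shadow-stack check: the target must equal the saved return address exactly */
static bool shadow_ret(Machine *m, uintptr_t target) {
    if (m->depth == 0) return false;
    return m->shadow[--m->depth] == target;
}

/* Constructed scenario: main -> parse -> read_field, then read_field returns
   to `target` (as if its saved return address had been overwritten). */
static void build_scenario(Machine *m) {
    machine_init(m);
    do_call(m, 1, 0x1010);   /* main calls parse */
    do_call(m, 2, 0x2010);   /* parse calls read_field */
}

bool scenario_hafix(uintptr_t target)  { Machine m; build_scenario(&m); return hafix_ret(&m, 2, target); }
bool scenario_shadow(uintptr_t target) { Machine m; build_scenario(&m); return shadow_ret(&m, target); }

int main(void) {
    const uintptr_t targets[] = {0x2010, 0x2020, 0x1020, 0x3010, 0x4010, 0x5555};
    for (size_t i = 0; i < 6; i++)
        printf("ret -> %#lx : active-set %s, shadow stack %s\n", (unsigned long)targets[i],
               scenario_hafix(targets[i]) ? "allows" : "rejects",
               scenario_shadow(targets[i]) ? "allows" : "rejects");
    return 0;
}
```

Only 0x2010 is the genuine return address, and only the shadow stack insists on it. The active-set rule also accepts 0x2020 (a different call site in parse) and 0x1020 (a call site in main), because both functions are active at the time of the return; it rejects 0x3010 (read_field itself, just deactivated), 0x4010 (log, never entered) and 0x5555 (not a call site). That set of accepted-but-wrong targets is the space an attacker has to work with under a policy keyed on active functions rather than on saved addresses.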