通过执行位置等价检查保护遗留代码免受控制劫持

2016 IEEE International Conference on Software Quality, Reliability and Security (QRS) Pub Date : 2016-08-01 DOI:10.1109/QRS.2016.35

Tobias F. Pfeffer, Stefan Sydow, Joachim Fellmuth, Paula Herber

{"title":"通过执行位置等价检查保护遗留代码免受控制劫持","authors":"Tobias F. Pfeffer, Stefan Sydow, Joachim Fellmuth, Paula Herber","doi":"10.1109/QRS.2016.35","DOIUrl":null,"url":null,"abstract":"Current anomaly detection systems that enforce control flow integrity based on control flow graph information are not able to precisely monitor dynamic aspects of execution. Consequently, they are typically too coarse-grained to comprehensively detect modern code-reuse attacks. Even when enriched with dynamic monitoring information such as shadow stacks, the heuristics used are either too imprecise or produce many false negatives. In this paper, we present a novel approach to establish control flow integrity in multi-variant execution through execution location equivalence. The concept of execution location equivalence allows us to precisely detect execution divergence using a diversified control flow model and, consequently, to detect a broad variety of code-reuse attacks. In this way, execution of position-independent executables can be reliably rotected against a broad range of control hijacking attacks.","PeriodicalId":412973,"journal":{"name":"2016 IEEE International Conference on Software Quality, Reliability and Security (QRS)","volume":"44 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2016-08-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Protecting Legacy Code against Control Hijacking via Execution Location Equivalence Checking\",\"authors\":\"Tobias F. Pfeffer, Stefan Sydow, Joachim Fellmuth, Paula Herber\",\"doi\":\"10.1109/QRS.2016.35\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Current anomaly detection systems that enforce control flow integrity based on control flow graph information are not able to precisely monitor dynamic aspects of execution. Consequently, they are typically too coarse-grained to comprehensively detect modern code-reuse attacks. Even when enriched with dynamic monitoring information such as shadow stacks, the heuristics used are either too imprecise or produce many false negatives. In this paper, we present a novel approach to establish control flow integrity in multi-variant execution through execution location equivalence. The concept of execution location equivalence allows us to precisely detect execution divergence using a diversified control flow model and, consequently, to detect a broad variety of code-reuse attacks. In this way, execution of position-independent executables can be reliably rotected against a broad range of control hijacking attacks.\",\"PeriodicalId\":412973,\"journal\":{\"name\":\"2016 IEEE International Conference on Software Quality, Reliability and Security (QRS)\",\"volume\":\"44 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2016-08-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2016 IEEE International Conference on Software Quality, Reliability and Security (QRS)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/QRS.2016.35\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2016 IEEE International Conference on Software Quality, Reliability and Security (QRS)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS.2016.35","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

摘要

当前基于控制流图信息强制控制流完整性的异常检测系统不能精确监控执行的动态方面。因此，它们通常过于粗粒度，无法全面检测现代代码重用攻击。即使添加了动态监控信息(如影子堆栈)，所使用的启发式方法要么过于不精确，要么产生许多假阴性。本文提出了一种通过执行位置等价来建立多变量执行控制流完整性的新方法。执行位置等价的概念允许我们使用多样化的控制流模型精确地检测执行差异，从而检测各种代码重用攻击。通过这种方式，可以可靠地保护与位置无关的可执行文件的执行免受各种控制劫持攻击。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Protecting Legacy Code against Control Hijacking via Execution Location Equivalence Checking

Current anomaly detection systems that enforce control flow integrity based on control flow graph information are not able to precisely monitor dynamic aspects of execution. Consequently, they are typically too coarse-grained to comprehensively detect modern code-reuse attacks. Even when enriched with dynamic monitoring information such as shadow stacks, the heuristics used are either too imprecise or produce many false negatives. In this paper, we present a novel approach to establish control flow integrity in multi-variant execution through execution location equivalence. The concept of execution location equivalence allows us to precisely detect execution divergence using a diversified control flow model and, consequently, to detect a broad variety of code-reuse attacks. In this way, execution of position-independent executables can be reliably rotected against a broad range of control hijacking attacks.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2016 IEEE International Conference on Software Quality, Reliability and Security (QRS)

自引率

0.00%

发文量