Evaluating Modern Defenses Against Control Flow Hijacking
MIT Lincoln Laboratory Lexington United States
Pagination or Media Count:
Memory corruption attacks continue to be a major vector of attack for compromising modern systems. Strong defenses such as complete memory safety for legacy languagesCC incur a large overhead, while weaker and practical defenses such as Code Pointer Integrity CPI and Control Flow Integrity CFI have their weaknesses. In this thesis, we present attacks that expose the fundamental weaknesses of CPI and CFI.CPI promises to balance security and performance by focusing memory safety on code pointers thus preventing most control-hijacking attacks while maintaining low overhead. CPI protects access to code pointers by storing them in a safe region that is isolated by hardward enforcement on 0x86-32 architecture and by information-hiding on 0x86-64 and ARM architectures. We show that when CPI relies on information hiding, its safe region can be leaked and thus rendering it ineffective against malicious exploits.
- Computer Programming and Software
- Computer Systems Management and Standards