Out of control: Overcoming control-flow integrity

Enes Göktaş, Elias Athanasopoulos, Herbert Bos, Georgios Portokalidis

Research output: Chapter in Book/Report/Conference proceeding; Conference contribution; peer-reviewed

314 Scopus citations

Abstract

As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attackers from exploiting our software, interest in Control Flow Integrity (CFI) is growing. In its ideal form, CFI prevents flows of control that were not intended by the original program, effectively putting a stop to exploitation based on return-oriented programming (and many other attacks besides). Two main problems have prevented CFI from being deployed in practice. First, many CFI implementations require source code or debug information that is typically not available for commercial software. Second, in its ideal form, the technique is very expensive. For these reasons, current research efforts focus on making CFI fast and practical. Much of the work on practical CFI is applicable to binaries and improves performance by enforcing a looser notion of control-flow integrity. In this paper, we examine the security implications of such looser notions of CFI: are they still able to prevent code-reuse attacks, and if not, how hard is it to bypass their protection? We show that, with two new types of gadgets, return-oriented programming is still possible. We assess the availability of our gadget sets and demonstrate the practicality of these results with a working exploit against Internet Explorer that bypasses modern CFI implementations.
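To make the abstract's central point concrete, here is an added C model (written for this page, not code from the paper or its authors) of the difference between an ideal return-integrity check and a looser one. The looser rule modelled here, "a return may land anywhere that immediately follows a call instruction", is one example of the relaxed policies used by binary-only CFI schemes; the x86 byte buffer, the three return sites, and the minimal call decoder are all constructed for illustration and are assumptions of this example. The paper's own two gadget types are not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hand-constructed x86-32 text segment (illustration only, not from the paper):
 *   0x00  e8 0b 00 00 00   call 0x10        ; returns to site A
 *   0x05  90               nop              ; site A: the intended return target
 *   0x06  c3               ret
 *   0x07  90 x9            padding
 *   0x10  c3               ret              ; the called function
 *   0x11  ff d0            call eax
 *   0x13  58               pop eax          ; site B: call-preceded, but not our caller
 *   0x14  c3               ret
 *   0x15  58               pop eax          ; site C: not call-preceded
 *   0x16  c3               ret
 */
static const uint8_t TEXT[] = {
    0xe8, 0x0b, 0x00, 0x00, 0x00,
    0x90,
    0xc3,
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
    0xc3,
    0xff, 0xd0,
    0x58,
    0xc3,
    0x58,
    0xc3,
};

enum { SITE_A = 0x05, SITE_B = 0x13, SITE_C = 0x15 };

/* Looser policy: a return may land anywhere that immediately follows a call.
 * The decoder is deliberately minimal (direct e8 rel32 and register-indirect
 * ff d0..d7); real schemes decode more, but the rule has the same shape. */
int coarse_cfi_allows_return(const uint8_t *text, size_t len, size_t target)
{
    if (target >= len)
        return 0;
    if (target >= 5 && text[target - 5] == 0xe8)
        return 1;
    if (target >= 2 && text[target - 2] == 0xff &&
        text[target - 1] >= 0xd0 && text[target - 1] <= 0xd7)
        return 1;
    return 0;
}

/* Ideal policy for returns: a shadow stack records the exact return address
 * pushed by each call, and a return may only go back to that address. */
#define SHADOW_MAX 16
typedef struct {
    size_t ret[SHADOW_MAX];
    size_t depth;
} shadow_stack;

void shadow_on_call(shadow_stack *s, size_t return_site)
{
    if (s->depth < SHADOW_MAX)
        s->ret[s->depth++] = return_site;
}

int shadow_cfi_allows_return(shadow_stack *s, size_t target)
{
    if (s->depth == 0)
        return 0;
    return s->ret[--s->depth] == target;
}

/* Simulate the call at 0x00, then a (possibly corrupted) return to target.
 * Returns 1 when the coarse policy accepts a flow that the shadow stack
 * rejects, i.e. a transfer the program never intended that still passes. */
int coarse_misses_unintended_return(size_t target, int *coarse_ok, int *shadow_ok)
{
    shadow_stack s = { {0}, 0 };
    shadow_on_call(&s, SITE_A);
    *coarse_ok = coarse_cfi_allows_return(TEXT, sizeof TEXT, target);
    *shadow_ok = shadow_cfi_allows_return(&s, target);
    return *coarse_ok && !*shadow_ok;
}

int main(void)
{
    const size_t targets[] = { SITE_A, SITE_B, SITE_C };
    const char *names[] = { "A (intended)", "B (call-preceded gadget)", "C (plain gadget)" };
    for (size_t i = 0; i < 3; i++) {
        int c, sh;
        int gap = coarse_misses_unintended_return(targets[i], &c, &sh);
        printf("return to %#04zx %-26s coarse=%d shadow=%d%s\n",
               targets[i], names[i], c, sh, gap ? "  <- bypass" : "");
    }
    return 0;
}
```

Site C is the classic ROP gadget that the looser policy does stop; site B is the kind of target it lets through, because the check only asks whether a call precedes the address, not whether that call is the one that was actually made. Every call-preceded address in a large binary is therefore a candidate gadget under such a policy, which is the gap the paper's attack exploits.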

Original language: English
Title of host publication: Proceedings - IEEE Symposium on Security and Privacy
Pages: 575-589
Number of pages: 15
ISBN (Electronic): 9781479946860
DOIs
State: Published - 13 Nov 2014
Event: 35th IEEE Symposium on Security and Privacy, SP 2014 - San Jose, United States
Duration: 18 May 2014 to 21 May 2014

Publication series

Name: Proceedings - IEEE Symposium on Security and Privacy
ISSN (Print): 1081-6011

Conference

Conference: 35th IEEE Symposium on Security and Privacy, SP 2014
Country/Territory: United States
City: San Jose
Period: 18/05/14 to 21/05/14

Keywords

  • Control-flow integrity evaluation
  • Code-reuse attack
