Layered object-oriented programming : advanced VTable reuse attacks on binary-level defense

Vtable reuse attack, as a novel type of code reuse attacks, is introduced to bypass most binary-level control flow integrity enforcement and vtable integrity enforcement. So far, two binary-level defenses (TypeArmor and vfGuard) are proposed to defend against vtable reuse attacks. Both techniques us...

Bibliographic Details
Main Authors: Wang, Chenyu, Chen, Bihuan, Liu, Yang, Wu, Hongjun
Other Authors: School of Physical and Mathematical Sciences
Format: Article
Language: English
Published: 2021
Subjects:
Online Access: https://hdl.handle.net/10356/151282
Institution: Nanyang Technological University
id sg-ntu-dr.10356-151282
record_format dspace
spelling sg-ntu-dr.10356-151282 2021-06-16T04:02:26Z
Layered object-oriented programming : advanced VTable reuse attacks on binary-level defense
Wang, Chenyu
Chen, Bihuan
Liu, Yang
Wu, Hongjun
School of Physical and Mathematical Sciences
School of Computer Science and Engineering
Engineering::Computer science and engineering
Vtable Reuse Attacks
Control Flow Integrity
Vtable reuse attack, as a novel type of code reuse attacks, is introduced to bypass most binary-level control flow integrity enforcement and vtable integrity enforcement. So far, two binary-level defenses (TypeArmor and vfGuard) are proposed to defend against vtable reuse attacks. Both techniques use semantic information as the control flow integrity enforcement policy, i.e., TypeArmor and vfGuard utilize argument register count and dispatch offset at virtual callsite as the signature to check the validity of target functions, respectively. In this paper, we propose layered object-oriented programming (LOOP), an advanced vtable reuse attack, to show that the coarse-grained control flow integrity strategies are still vulnerable to vtable reuse attacks. In LOOP, we introduce argument expansion gadgets and transfer gadgets to, respectively, bypass TypeArmor and vfGuard. We generalize the characteristics of both gadgets and develop a tool to discover them at the binary level. We demonstrated that under the protection of TypeArmor and vfGuard, Firefox, Adobe Flash Player, and Internet Explorer are all vulnerable to LOOP attacks. Furthermore, we show the availability of argument expansion gadgets and transfer gadgets in common software or libraries.
National Research Foundation (NRF)
This work was supported in part by the National Research Foundation, Prime Ministers’ Office, Singapore, through the National Cybersecurity Research and Development Program under Grant NRF2016NCR-NCR002-026 and in part by the Shanghai Science and Technology Development Funds under Grant 16JC1400801.
2021-06-16T04:02:26Z 2021-06-16T04:02:26Z 2018
Journal Article
Wang, C., Chen, B., Liu, Y. & Wu, H. (2018). Layered object-oriented programming : advanced VTable reuse attacks on binary-level defense. IEEE Transactions On Information Forensics and Security, 14(3), 693-708. https://dx.doi.org/10.1109/TIFS.2018.2855648
1556-6013
0000-0002-1973-4464
https://hdl.handle.net/10356/151282
10.1109/TIFS.2018.2855648
2-s2.0-85049964510
3 14 693 708
en
NRF2016NCR-NCR002-026
IEEE Transactions on Information Forensics and Security
© 2018 IEEE. All rights reserved.
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Engineering::Computer science and engineering
Vtable Reuse Attacks
Control Flow Integrity
author2 School of Physical and Mathematical Sciences
author_facet School of Physical and Mathematical Sciences
Wang, Chenyu
Chen, Bihuan
Liu, Yang
Wu, Hongjun
format Article
author Wang, Chenyu
Chen, Bihuan
Liu, Yang
Wu, Hongjun
author_sort Wang, Chenyu
title Layered object-oriented programming : advanced VTable reuse attacks on binary-level defense
publishDate 2021
url https://hdl.handle.net/10356/151282