Hardware-Assisted Fine-Grained Code-Reuse Attack Detection

Hardware-Assisted Fine-Grained Code-Reuse Attack Detection

Code-reuse attacks have become the primary exploitation technique for system compromise despite of the recently introduced Data Execution Prevention technique in modern platforms. Different from code injection attacks, they result in unintended control-flow transfer to victim programs without adding...

Full description

Saved in:
Bibliographic Details
Main Authors: YUAN, Pinghai, ZENG, Qingkai, DING, Xuhua
Format: text
Language:English
Published: Institutional Knowledge at Singapore Management University 2015
Subjects:
Code-reuse attack
Control flow integrity
Indirect branch tracing
Computer Sciences
Information Security
Online Access:https://ink.library.smu.edu.sg/sis_research/3116
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Singapore Management University
Language: English
id sg-smu-ink.sis_research-4116
record_format dspace
spelling sg-smu-ink.sis_research-41162016-02-05T06:30:05Z Hardware-Assisted Fine-Grained Code-Reuse Attack Detection YUAN, Pinghai ZENG, Qingkai DING, Xuhua Code-reuse attacks have become the primary exploitation technique for system compromise despite of the recently introduced Data Execution Prevention technique in modern platforms. Different from code injection attacks, they result in unintended control-flow transfer to victim programs without adding malicious code. This paper proposes a practical scheme named as CFIGuard to detect code-reuse attacks on user space applications. CFIGuard traces every branch execution by leveraging hardware features of commodity processors, and then validates the traces based on fine-grained control flow graphs. We have implemented a prototype of CFIGuard on Linux and the experiments show that it only incurs around 2.9 % runtime overhead for a set of typical server applications. 2015-11-04T08:00:00Z text https://ink.library.smu.edu.sg/sis_research/3116 info:doi/10.1007/978-3-319-26362-5_4 Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University Code-reuse attack Control flow integrity Indirect branch tracing Computer Sciences Information Security
institution Singapore Management University
building SMU Libraries
continent Asia
country Singapore
Singapore
content_provider SMU Libraries
collection InK@SMU
language English
topic Code-reuse attack
Control flow integrity
Indirect branch tracing
Computer Sciences
Information Security
spellingShingle Code-reuse attack
Control flow integrity
Indirect branch tracing
Computer Sciences
Information Security
YUAN, Pinghai
ZENG, Qingkai
DING, Xuhua
Hardware-Assisted Fine-Grained Code-Reuse Attack Detection
description Code-reuse attacks have become the primary exploitation technique for system compromise despite of the recently introduced Data Execution Prevention technique in modern platforms. Different from code injection attacks, they result in unintended control-flow transfer to victim programs without adding malicious code. This paper proposes a practical scheme named as CFIGuard to detect code-reuse attacks on user space applications. CFIGuard traces every branch execution by leveraging hardware features of commodity processors, and then validates the traces based on fine-grained control flow graphs. We have implemented a prototype of CFIGuard on Linux and the experiments show that it only incurs around 2.9 % runtime overhead for a set of typical server applications.
format text
author YUAN, Pinghai
ZENG, Qingkai
DING, Xuhua
author_facet YUAN, Pinghai
ZENG, Qingkai
DING, Xuhua
author_sort YUAN, Pinghai
title Hardware-Assisted Fine-Grained Code-Reuse Attack Detection
title_short Hardware-Assisted Fine-Grained Code-Reuse Attack Detection
title_full Hardware-Assisted Fine-Grained Code-Reuse Attack Detection
title_fullStr Hardware-Assisted Fine-Grained Code-Reuse Attack Detection
title_full_unstemmed Hardware-Assisted Fine-Grained Code-Reuse Attack Detection
title_sort hardware-assisted fine-grained code-reuse attack detection
publisher Institutional Knowledge at Singapore Management University
publishDate 2015
url https://ink.library.smu.edu.sg/sis_research/3116
_version_ 1770572815233187840

Similar Items