Data Is Flowing in the Wind: a Review of Data-Flow Integrity Methods to Overcome Non-Control-Data Attacks

• Irene Díez-Franco ^[1] ; Igor Santos ^[1]
  1. [1] Universidad de Deusto

     Universidad de Deusto

     Bilbao, España

     
• Localización: International Joint Conference SOCO’16-CISIS’16-ICEUTE’16: San Sebastián, Spain, October 19th-21st, 2016 Proceedings / coord. por Manuel Graña Romay, José Manuel López Guede, Oier Etxaniz, Álvaro Herrero Cosío, Héctor Quintián Pardo, Emilio Santiago Corchado Rodríguez, 2017, ISBN 978-3-319-47364-2, págs. 536-546
• Idioma: inglés
• Texto completo no disponible (Saber más ...)
• Resumen

  • Security researchers have been focusing on developing mitigation and protection mechanisms against code-injection and code-reuse attacks. Modern defences focus on protecting the legitimate control-flowof a program, nevertheless they cannot withstand a more subtle type of attack, non-control-data attacks, since they follow the legitimate control flow, and thus leave no trace. Data-Flow Integrity(DFI) is a defence mechanism which aims to protect programs against non-control-data attacks. DFI uses static analysis to compute the data-flow graph of a program, and then, enforce at runtime that the data-flow of the program follows the legitimate path; otherwise the execution is aborted.In this paper, we review the state of the techniques to generate non-control-data attacks and present the state of DFI methods.