Feel Me Flow: a Review of Control-FlowIntegrity Methods for User and Kernel Space

• Irene Díez-Franco ^[1] ; Igor Santos ^[1]
  1. [1] Universidad de Deusto

     Universidad de Deusto

     Bilbao, España

     
• Localización: International Joint Conference SOCO’16-CISIS’16-ICEUTE’16: San Sebastián, Spain, October 19th-21st, 2016 Proceedings / coord. por Manuel Graña Romay, José Manuel López Guede, Oier Etxaniz, Álvaro Herrero Cosío, Héctor Quintián Pardo, Emilio Santiago Corchado Rodríguez, 2017, ISBN 978-3-319-47364-2, págs. 477-486
• Idioma: inglés
• Texto completo no disponible (Saber más ...)
• Resumen

  • Attackers have evolved classic code-injection attacks, such as those caused by buffer overflows to sophisticated Turing-complete code-reuse attacks. Control-Flow Integrity (CFI) is a defence mechanism to eliminate control-flow hijacking attacks caused by common memory errors. CFI relies on static analysis for the creation of a program’s control-flow graph (CFG), then at runtime CFI ensures that the program follows the legitimate path. Thereby, when an attacker tries to execute malicious shellcode, CFI detects an unintended path and aborts execution. CFI heavily relies on static analysis for the accurate generation of the control-flow graph, and its security depends on how strictly the CFG is generated and enforced.This paper reviews the CFI schemes proposed over the last ten yearsand assesses their security guarantees against advanced exploitation tech-niques.