New methods for the integrity of the data flow in operating systems and their applications

  • Authors: Irene Díez Franco
  • Thesis supervisors: Pablo García Bringas (supervisor), Xabier Ugarte Pedrero (supervisor)
  • Defended: at the Universidad de Deusto (Spain) in 2025
  • Language: English
  • Thesis examination committee: Héctor Quintián Pardo (chair), Iker Pastor López (secretary), Javier del Ser Lorente (member)
  • Doctoral programme: Programa de Doctorado en Ingeniería para la Sociedad de la Información y Desarrollo Sostenible at the Universidad de Deusto
  • Abstract
    • Thanks to the widespread deployment of information security techniques that protect applications and operating systems against control-flow hijacking attacks, malicious actors find it increasingly difficult to exploit computer systems. This, however, has a downside: attackers are becoming more imaginative and try to find new and increasingly complex vulnerability exploitation techniques.

      One of these new techniques is based on exploiting the non-control data of a program with malicious intent, and the unfortunate news is that neither operating systems nor their applications currently deploy any known defences against this kind of attack.

      In this dissertation we propose an optimised, compiler-based defence built on the data-flow integrity property, which allows practitioners to compile applications with security mechanisms that defend against non-control-data attacks.

      This defence has been built on top of the GCC compiler, allowing widespread adoption and use by any C application that can be compiled with GCC.

      Our implementation is set apart from previous works by the granularity and precision of its static analysis, which provides broader security guarantees. Moreover, we provide two novel optimisations: one gives users full control to define which types of non-control data they wish to protect in their applications, and the other reduces the number of basic blocks that the GCC compiler needs to protect by 45.8% on average, whilst maintaining the security guarantees.

