Betriebssysteme · Institut für Systemarchitektur · Fakultät Informatik · TU Dresden

16. 03. 2018

An Overview Of Control-Flow Integrity Enforcement

Konrad Gube

TU Dresden

Hauptseminar-Vortrag, abweichender Raum: APB 3080

Address space layout randomization, stack canaries and NX protection have made code injection attacks significantly harder, but failed to fundamentally solve the problem of control-flow hijacking. Advanced code reuse attacks have repeatedly been shown to bypass these protections. Control-flow integrity (CFI) promises a more fundamental solution: By keeping the control-flow within the confines of a valid control-flow graph, CFI systems may be able to stop control-flow hijacking altogether, instead of protecting against specific attacks only.
Repeated attempts at "coarse-grained" CFI have demonstrated that the precision of CFI enforcement is essential to its effectiveness. This talk gives an overview of different CFI enforcement techniques and attempts to compare them in regard to general approach, precision and performance overhead.
25. Jun 2020
· Copyright © 2001-2019 Operating Systems Group, TU Dresden | Impressum ·