Evaluating modern defenses against control flow hijacking

Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015.

Bibliographic Details
Main Author: Otgonbaatar, Ulziibayar
Other Authors: Hamed Okhravi and Howard Shrobe.
Format: Thesis
Language: eng
Published: Massachusetts Institute of Technology 2016
Subjects: Electrical Engineering and Computer Science.
Online Access:http://hdl.handle.net/1721.1/106003
Description: This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Cataloged from the student-submitted PDF version of the thesis. Includes bibliographical references (pages 65-70). 70 pages, application/pdf.

Abstract: Memory corruption attacks continue to be a major vector for compromising modern systems. Strong defenses, such as complete memory safety for legacy languages (C/C++), incur a large overhead, while weaker but practical defenses such as Code Pointer Integrity (CPI) and Control Flow Integrity (CFI) have their own weaknesses. In this thesis, we present attacks that expose the fundamental weaknesses of CPI and CFI.

CPI promises to balance security and performance by focusing memory safety on code pointers, thus preventing most control-hijacking attacks while maintaining low overhead. CPI protects access to code pointers by storing them in a safe region that is isolated by hardware enforcement on the x86-32 architecture and by information hiding on the x86-64 and ARM architectures. We show that when CPI relies on information hiding, its safe region can be leaked, rendering it ineffective against malicious exploits.

CFI works by assigning tags to indirect branch targets statically and checking them at runtime. Coarse-grained enforcements of CFI that use a small number of tags to reduce the performance overhead have been shown to be ineffective. As a result, a number of recent efforts have focused on fine-grained enforcement of CFI as it was originally proposed. In this work, we show that even a fine-grained form of CFI with an unlimited number of tags is ineffective in protecting against attacks. We show that many popular code bases, such as Apache and Nginx, use coding practices that create flexibility in their intended control flow graph (CFG) even when a strong static analyzer is used to construct the CFG. These flexibilities allow an attacker to gain control of the execution while strictly adhering to a fine-grained CFI.

Thesis author: Ulziibayar Otgonbaatar, M. Eng.
Date issued: 2015
Date available: 2016-12-22
Rights: M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See http://dspace.mit.edu/handle/1721.1/7582 for inquiries about permission.
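The following is a toy model, added here as an illustration of the fine-grained CFI weakness the abstract describes; it is not code from the thesis and does not reproduce its Apache or Nginx attacks. A static analyzer that builds the CFG from function-pointer types puts every handler of one signature into one equivalence class, so a dispatch table of same-typed handlers gives an attacker room to move between them without ever leaving the admitted target set. All names (handler_fn, cfi_check, dispatch, admitted_targets, the handler_* functions) are hypothetical, and the table corruption itself is assumed to have happened elsewhere: only the changed pointer value is modeled.

```c
/* Toy model of signature-based fine-grained CFI (added illustration, not
 * the thesis's code). Shows that an out-of-CFG target is caught while a
 * substitution inside the admitted set is not. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Every handler shares one type, so a type-based CFG analysis assigns the
 * indirect call site in dispatch() a single tag covering all of them. */
typedef int (*handler_fn)(const char *arg);

static int handler_public(const char *arg) { (void)arg; return 1; }
static int handler_log(const char *arg)    { (void)arg; return 2; }
static int handler_admin(const char *arg)  { (void)arg; return 3; } /* privileged path */

/* Hypothetical CFI metadata: the statically admitted targets for the call
 * site in dispatch(). Unlimited tags do not help here; the class is what
 * the types allow. */
static const handler_fn admitted_targets[] = { handler_public, handler_log, handler_admin };

/* Runtime CFI check: is the target one of the statically admitted ones? */
static int cfi_check(handler_fn target) {
    for (size_t i = 0; i < sizeof admitted_targets / sizeof admitted_targets[0]; i++)
        if (admitted_targets[i] == target) return 1;
    return 0;
}

/* Dispatch table assumed writable by an attacker through some unrelated
 * memory-corruption bug; the bug is not modeled, only its effect. */
struct route { const char *name; handler_fn fn; };
static struct route routes[] = {
    { "public", handler_public },
    { "log",    handler_log    },
};

/* CFI-guarded indirect call; returns -1 when the check fires. */
static int dispatch(const struct route *r, const char *arg) {
    if (!cfi_check(r->fn)) return -1;   /* classic hijack target: blocked */
    return r->fn(arg);
}

/* Scenario 1: pointer overwritten with an arbitrary address (e.g. shellcode
 * or a ROP gadget). Not in the admitted set, so CFI stops the call. */
static int attempt_out_of_cfg(void) {
    struct route r = routes[0];
    r.fn = (handler_fn)(uintptr_t)0x41414141u;  /* constructed bogus address */
    return dispatch(&r, "x");
}

/* Scenario 2: pointer overwritten with another admitted handler of the same
 * signature. This is a legitimate CFG edge, so CFI lets the privileged
 * handler run even though the program never intended "public" to reach it. */
static int attempt_within_cfg(void) {
    struct route r = routes[0];
    r.fn = handler_admin;
    return dispatch(&r, "x");
}

int main(void) {
    printf("out-of-CFG target  -> %d (blocked)\n", attempt_out_of_cfg());
    printf("in-CFG substitution -> %d (admin handler reached)\n", attempt_within_cfg());
    return 0;
}
```

The point of the model is the gap between the CFG the analysis can prove and the one the programmer intended: tightening the check to exactly the functions that appear in a given table, rather than to everything of the same type, would close this particular substitution, but that requires the analyzer to recover the table membership, which is what the abstract says common coding practices prevent.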