A Tough Call: Mitigating Advanced Code-Reuse Attacks at the Binary Level

Victor Van Der Veen, Enes Goktas, Moritz Contag, Andre Pawoloski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Ilias Athanasopoulos, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Current binary-level Control-Flow Integrity (CFI) techniques are weak in determining the set of valid targets for indirect control flow transfers on the forward edge. In particular, the lack of source code forces existing techniques to resort to a conservative address-taken policy that overapproximates this set. In contrast, source-level solutions can accurately infer the targets of indirect calls and thus detect malicious control-flow transfers more precisely. Given that source code is not always available, however, offering similar quality of protection at the binary level is important, but, unquestionably, more challenging than ever: recent work demonstrates powerful attacks such as Counterfeit Object-oriented Programming (COOP), which made the community believe that protecting software against control-flow diversion attacks at the binary level is rather impossible. In this paper, we propose binary-level analysis techniques to significantly reduce the number of possible targets for indirect branches. More specifically, we reconstruct a conservative approximation of target function prototypes by means of use-def analysis at possible callees. We then couple this with liveness analysis at each indirect callsite to derive a many-to-many relationship between callsites and target callees with a much higher precision compared to prior binary-level solutions. Experimental results on popular server programs and on SPEC CPU2006 show that TypeArmor, a prototype implementation of our approach, is efficient - with a runtime overhead of less than 3%. Furthermore, we evaluate to what extent TypeArmor can mitigate COOP and other advanced attacks and show that our approach can significantly reduce the number of targets on the forward edge. Moreover, we show that TypeArmor breaks published COOP exploits, providing concrete evidence that strict binary-level CFI can still mitigate advanced attacks, despite the absence of source information or C++ semantics.
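The core idea of the abstract (use-def analysis at callees to recover how many arguments a function consumes, backward liveness at each indirect callsite to see how many arguments it prepares, then allowing only callees whose count does not exceed the callsite's) as an added toy illustration; this is not TypeArmor's code, and the simplified instruction tuples, the mov/add/cmp/call subset and the SysV argument-register order are assumptions of the example.

```python
# Toy arity-based callsite/callee matching in the spirit of the abstract.
# Added illustration, not TypeArmor's code. Assumes a constructed x86-64-like
# stream of (mnemonic, dst, src) tuples over register names, mov/add/cmp/call
# only, and the SysV argument-register order.
ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]

def callee_arg_count(insns):
    """Use-def scan from the callee entry: an argument register read before any
    write to it is a consumed parameter. Conservative arity = highest index + 1."""
    defined = set()
    highest = 0
    for mnem, dst, src in insns:
        if mnem == "call":
            defined.update(ARG_REGS)  # caller-saved regs are clobbered by a call
            continue
        reads = [src] if mnem == "mov" else [dst, src]  # add/cmp also read dst
        for r in reads:
            if r in ARG_REGS and r not in defined:
                highest = max(highest, ARG_REGS.index(r) + 1)
        if mnem != "cmp":  # cmp only writes flags
            defined.add(dst)
    return highest

def callsite_arg_count(insns_before_call):
    """Backward liveness from an indirect call: argument registers written since
    the previous call are the arguments this callsite prepares."""
    highest = 0
    for mnem, dst, _ in reversed(insns_before_call):
        if mnem == "call":
            break  # an earlier call bounds the argument-setup region
        if mnem != "cmp" and dst in ARG_REGS:
            highest = max(highest, ARG_REGS.index(dst) + 1)
    return highest

def allowed_targets(callsite, callees):
    """Policy: a callsite preparing n arguments may only reach callees that
    consume at most n arguments; other candidates are pruned from the target set."""
    n = callsite_arg_count(callsite)
    return sorted(f for f, body in callees.items() if callee_arg_count(body) <= n)

# Constructed sample callees and callsites.
CALLEES = {
    "f_three": [("mov", "rax", "rdi"), ("cmp", "rax", "rsi"), ("mov", "rax", "rdx")],
    "f_two": [("cmp", "rdi", "rsi")],
    "f_one": [("mov", "rsi", "rax"), ("add", "rdi", "rsi")],  # rsi is written first
    "f_void": [("mov", "r8", "rax")],
}
SITE_TWO_ARGS = [("mov", "rdi", "rbx"), ("mov", "rsi", "rcx")]
SITE_ONE_ARG = [("mov", "rsi", "rax"), ("call", "r12", ""), ("mov", "rdi", "rbx")]
```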

Original language: English
Title of host publication: Proceedings - 2016 IEEE Symposium on Security and Privacy, SP 2016
Publisher: Institute of Electrical and Electronics Engineers, Inc.
Pages: 934-953
Number of pages: 20
ISBN (Electronic): 9781509008247
DOIs
Publication status: Published - 16 Aug 2016
Event: 2016 IEEE Symposium on Security and Privacy, SP 2016 - San Jose, United States
Duration: 23 May 2016 to 25 May 2016

Conference

Conference: 2016 IEEE Symposium on Security and Privacy, SP 2016
Country/Territory: United States
City: San Jose
Period: 23/05/16 to 25/05/16

Keywords

  • classarmor
