Practical Context-sensitive CFI

Victor van der Veen; Dennis Andriesse; Enes Goktas; Ben Gras; Lionel Adrien Sambuc; Asia Slowinska; Herbert Bos; Cristiano Giuffrida

doi:10.1145/2810103.2813673

Practical Context-sensitive CFI

Victor van der Veen, Dennis Andriesse, Enes Goktas, Ben Gras, Lionel Adrien Sambuc, Asia Slowinska, Herbert Bos, Cristiano Giuffrida

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Current Control-Flow Integrity (CFI) implementations track control edges individually, insensitive to the context of preceding edges. Recent work demonstrates that this leaves sufficient leeway for powerful ROP attacks. Context-sensitive CFI, which can provide enhanced security, is widely considered impractical for real-world adoption. Our work shows that Context-sensitive CFI (CCFI) for both the backward and forward edge can be implemented efficiently on commodity hardware. We present PathArmor, a binary-level CCFI implementation which tracks paths to sensitive program states, and defines the set of valid control edges within the state context to yield higher precision than existing CFI implementations. Even with simple context-sensitive policies, PathArmor yields significantly stronger CFI invariants than context-insensitive CFI, with similar performance.

Original language	English
Title of host publication	CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery (ACM)
Pages	927-940
Number of pages	14
Volume	2015-October
ISBN (Electronic)	9781450338325
DOIs	https://doi.org/10.1145/2810103.2813673
Publication status	Published - 12 Oct 2015
Event	22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 - Denver, United States Duration: 12 Oct 2015 → 16 Oct 2015

Conference

Conference	22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
Country/Territory	United States
City	Denver
Period	12/10/15 → 16/10/15

Keywords

Context-sensitive CFI
Control-flow integrity

Access to Document

10.1145/2810103.2813673

Handle.net

Persistent link

Cite this

@inproceedings{dece7f27d6364033b5e6dafda9b9e6d2,

title = "Practical Context-sensitive CFI",

abstract = "Current Control-Flow Integrity (CFI) implementations track control edges individually, insensitive to the context of preceding edges. Recent work demonstrates that this leaves sufficient leeway for powerful ROP attacks. Context-sensitive CFI, which can provide enhanced security, is widely considered impractical for real-world adoption. Our work shows that Context-sensitive CFI (CCFI) for both the backward and forward edge can be implemented efficiently on commodity hardware. We present PathArmor, a binary-level CCFI implementation which tracks paths to sensitive program states, and defines the set of valid control edges within the state context to yield higher precision than existing CFI implementations. Even with simple context-sensitive policies, PathArmor yields significantly stronger CFI invariants than context-insensitive CFI, with similar performance.",

keywords = "Context-sensitive CFI, Control-flow integrity",

author = "{van der Veen}, Victor and Dennis Andriesse and Enes Goktas and Ben Gras and Sambuc, {Lionel Adrien} and Asia Slowinska and Herbert Bos and Cristiano Giuffrida",

year = "2015",

month = oct,

day = "12",

doi = "10.1145/2810103.2813673",

language = "English",

volume = "2015-October",

pages = "927--940",

booktitle = "CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery (ACM)",

note = "22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 ; Conference date: 12-10-2015 Through 16-10-2015",

}

van der Veen, V, Andriesse, D, Goktas, E, Gras, B, Sambuc, LA, Slowinska, A , Bos, H & Giuffrida, C 2015, Practical Context-sensitive CFI. in CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. vol. 2015-October, Association for Computing Machinery (ACM), pp. 927-940, 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015, Denver, United States, 12/10/15. https://doi.org/10.1145/2810103.2813673

Practical Context-sensitive CFI. / van der Veen, Victor; Andriesse, Dennis; Goktas, Enes et al.
CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Vol. 2015-October Association for Computing Machinery (ACM), 2015. p. 927-940.

Research output: Chapter in Book / Report / Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Practical Context-sensitive CFI

AU - van der Veen, Victor

AU - Andriesse, Dennis

AU - Goktas, Enes

AU - Gras, Ben

AU - Sambuc, Lionel Adrien

AU - Slowinska, Asia

AU - Bos, Herbert

AU - Giuffrida, Cristiano

PY - 2015/10/12

Y1 - 2015/10/12

N2 - Current Control-Flow Integrity (CFI) implementations track control edges individually, insensitive to the context of preceding edges. Recent work demonstrates that this leaves sufficient leeway for powerful ROP attacks. Context-sensitive CFI, which can provide enhanced security, is widely considered impractical for real-world adoption. Our work shows that Context-sensitive CFI (CCFI) for both the backward and forward edge can be implemented efficiently on commodity hardware. We present PathArmor, a binary-level CCFI implementation which tracks paths to sensitive program states, and defines the set of valid control edges within the state context to yield higher precision than existing CFI implementations. Even with simple context-sensitive policies, PathArmor yields significantly stronger CFI invariants than context-insensitive CFI, with similar performance.

AB - Current Control-Flow Integrity (CFI) implementations track control edges individually, insensitive to the context of preceding edges. Recent work demonstrates that this leaves sufficient leeway for powerful ROP attacks. Context-sensitive CFI, which can provide enhanced security, is widely considered impractical for real-world adoption. Our work shows that Context-sensitive CFI (CCFI) for both the backward and forward edge can be implemented efficiently on commodity hardware. We present PathArmor, a binary-level CCFI implementation which tracks paths to sensitive program states, and defines the set of valid control edges within the state context to yield higher precision than existing CFI implementations. Even with simple context-sensitive policies, PathArmor yields significantly stronger CFI invariants than context-insensitive CFI, with similar performance.

KW - Context-sensitive CFI

KW - Control-flow integrity

UR - http://www.scopus.com/inward/record.url?scp=84954175453&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84954175453&partnerID=8YFLogxK

U2 - 10.1145/2810103.2813673

DO - 10.1145/2810103.2813673

M3 - Conference contribution

VL - 2015-October

SP - 927

EP - 940

BT - CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery (ACM)

T2 - 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015

Y2 - 12 October 2015 through 16 October 2015

ER -

Practical Context-sensitive CFI

Abstract

Conference

Keywords

Access to Document

Handle.net

Other files and links

Fingerprint

Cite this