Control flow integrity for COTS binaries

Mingwei Zhang; R. Sekar

Control flow integrity for COTS binaries

Mingwei Zhang
, R. Sekar

Computer Science

Stony Brook University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

488 Scopus citations

Abstract

Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its enforcement can defeat most injected and existing code attacks, including those based on Return-Oriented Programming (ROP). Previous implementations of CFI have required compiler support or the presence of relocation or debug information in the binary. In contrast, we present a technique for applying CFI to stripped binaries on x86/Linux. Ours is the first work to apply CFI to complex shared libraries such as glibc. Through experimental evaluation, we demonstrate that our CFI implementation is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets. To achieve this result, we have developed robust techniques for disassembly, static analysis, and transformation of large binaries. Our techniques have been tested on over 300MB of binaries (executables and shared libraries).

Original language	English
Title of host publication	Proceedings of the 22nd USENIX Security Symposium
Publisher	USENIX Association
Pages	337-352
Number of pages	16
ISBN (Electronic)	9781931971034
State	Published - 2013
Event	22nd USENIX Security Symposium, USENIX Security 2013 - Washington, United States Duration: Aug 14 2013 → Aug 16 2013

Publication series

Name	Proceedings of the 22nd USENIX Security Symposium

Conference

Conference	22nd USENIX Security Symposium, USENIX Security 2013
Country/Territory	United States
City	Washington
Period	08/14/13 → 08/16/13

Cite this

@inproceedings{5a4fb651bb8d4c0caab2289aaa19471e,

title = "Control flow integrity for COTS binaries",

abstract = "Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its enforcement can defeat most injected and existing code attacks, including those based on Return-Oriented Programming (ROP). Previous implementations of CFI have required compiler support or the presence of relocation or debug information in the binary. In contrast, we present a technique for applying CFI to stripped binaries on x86/Linux. Ours is the first work to apply CFI to complex shared libraries such as glibc. Through experimental evaluation, we demonstrate that our CFI implementation is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets. To achieve this result, we have developed robust techniques for disassembly, static analysis, and transformation of large binaries. Our techniques have been tested on over 300MB of binaries (executables and shared libraries).",

author = "Mingwei Zhang and R. Sekar",

note = "Publisher Copyright: copyright {\textcopyright} 2013 USENIX Security Symposium.All right reserved.; 22nd USENIX Security Symposium, USENIX Security 2013 ; Conference date: 14-08-2013 Through 16-08-2013",

year = "2013",

language = "English",

series = "Proceedings of the 22nd USENIX Security Symposium",

publisher = "USENIX Association",

pages = "337--352",

booktitle = "Proceedings of the 22nd USENIX Security Symposium",

}

TY - GEN

T1 - Control flow integrity for COTS binaries

AU - Zhang, Mingwei

AU - Sekar, R.

PY - 2013

Y1 - 2013

N2 - Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its enforcement can defeat most injected and existing code attacks, including those based on Return-Oriented Programming (ROP). Previous implementations of CFI have required compiler support or the presence of relocation or debug information in the binary. In contrast, we present a technique for applying CFI to stripped binaries on x86/Linux. Ours is the first work to apply CFI to complex shared libraries such as glibc. Through experimental evaluation, we demonstrate that our CFI implementation is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets. To achieve this result, we have developed robust techniques for disassembly, static analysis, and transformation of large binaries. Our techniques have been tested on over 300MB of binaries (executables and shared libraries).

AB - Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its enforcement can defeat most injected and existing code attacks, including those based on Return-Oriented Programming (ROP). Previous implementations of CFI have required compiler support or the presence of relocation or debug information in the binary. In contrast, we present a technique for applying CFI to stripped binaries on x86/Linux. Ours is the first work to apply CFI to complex shared libraries such as glibc. Through experimental evaluation, we demonstrate that our CFI implementation is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets. To achieve this result, we have developed robust techniques for disassembly, static analysis, and transformation of large binaries. Our techniques have been tested on over 300MB of binaries (executables and shared libraries).

UR - https://www.scopus.com/pages/publications/85041451135

M3 - Conference contribution

AN - SCOPUS:85041451135

T3 - Proceedings of the 22nd USENIX Security Symposium

SP - 337

EP - 352

BT - Proceedings of the 22nd USENIX Security Symposium

PB - USENIX Association

T2 - 22nd USENIX Security Symposium, USENIX Security 2013

Y2 - 14 August 2013 through 16 August 2013

ER -

Control flow integrity for COTS binaries

Abstract

Publication series

Conference

Other files and links

Fingerprint

Cite this