TY - GEN
T1 - There is safety in numbers
T2 - 17th Nordic Conference on Secure IT Systems, NordSec 2012
AU - Noorman, Job
AU - Nikiforakis, Nick
AU - Piessens, Frank
PY - 2012
Y1 - 2012
N2 - Despite the large number of proposed countermeasures against control-flow hijacking attacks, these attacks still pose a great threat for today's applications. The problem with existing solutions is that they either provide incomplete probabilistic protection (e.g., stack canaries) or impose a high runtime overhead (e.g., bounds checking). In this paper, we show how the concept of program-part duplication can be used to protect against control-flow hijacking attacks and present two different instantiations of the duplication concept which protect against popular attack vectors. First, we use the duplication of functions to eliminate the need of return addresses and thus provide complete protection against attacks targeting a function's return address. Then we demonstrate how the integrity of function pointers can be protected through the use of data duplication. We test the combined effectiveness of our two methods and experimentally show that they provide an almost complete protection against control-flow hijacking attacks with only a low runtime overhead in real-world applications.
AB - Despite the large number of proposed countermeasures against control-flow hijacking attacks, these attacks still pose a great threat for today's applications. The problem with existing solutions is that they either provide incomplete probabilistic protection (e.g., stack canaries) or impose a high runtime overhead (e.g., bounds checking). In this paper, we show how the concept of program-part duplication can be used to protect against control-flow hijacking attacks and present two different instantiations of the duplication concept which protect against popular attack vectors. First, we use the duplication of functions to eliminate the need of return addresses and thus provide complete protection against attacks targeting a function's return address. Then we demonstrate how the integrity of function pointers can be protected through the use of data duplication. We test the combined effectiveness of our two methods and experimentally show that they provide an almost complete protection against control-flow hijacking attacks with only a low runtime overhead in real-world applications.
KW - control-data attacks
KW - duplication
KW - function pointers
KW - return addresses
UR - https://www.scopus.com/pages/publications/84868384441
U2 - 10.1007/978-3-642-34210-3_8
DO - 10.1007/978-3-642-34210-3_8
M3 - Conference contribution
AN - SCOPUS:84868384441
SN - 9783642342097
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 105
EP - 120
BT - Secure IT Systems - 17th Nordic Conference, NordSec 2012, Proceedings
Y2 - 31 October 2012 through 2 November 2012
ER -