Enforcing C/C++ Type and Scope at Runtime for Control-Flow and Data-Flow Integrity

dc.contributor.authorIsmail, Mohannaden
dc.contributor.authorJelesnianski, Christopheren
dc.contributor.authorJang, Yeongjinen
dc.contributor.authorMin, Changwooen
dc.contributor.authorXiong, Wenjieen
dc.date.accessioned2024-05-02T12:35:17Zen
dc.date.available2024-05-02T12:35:17Zen
dc.date.issued2024-04-27en
dc.date.updated2024-05-01T07:49:09Zen
dc.description.abstractControl-flow hijacking and data-oriented attacks are becoming more sophisticated. These attacks, especially dataoriented attacks, can result in critical security threats, such as leaking an SSL key. Data-oriented attacks are hard to defend against with acceptable performance due to the sheer amount of data pointers present. The root cause of such attacks is using pointers in unintended ways; fundamentally, these attacks rely on abusing pointers to violate the original scope they were used in or the original types that they were declared as. This paper proposes Scope Type Integrity (STI), a new defense policy that enforces all pointers (both code and data pointers) to conform to the original programmer’s intent, as well as Runtime Scope Type Integrity (RSTI) mechanisms to enforce STI at runtime leveraging ARM Pointer Authentication. STI gathers information about the scope, type, and permissions of pointers. This information is then leveraged by RSTI to ensure pointers are legitimately utilized at runtime. We implemented three defense mechanisms of RSTI, with varying levels of security and performance tradeoffs to showcase the versatility of RSTI. We employ these three variants on a variety of benchmarks and real-world applications for a full security and performance evaluation of these mechanisms. Our results show that they have overheads of 5.29%, 2.97%, and 11.12%, respectively.en
dc.description.versionPublished versionen
dc.format.mimetypeapplication/pdfen
dc.identifier.doihttps://doi.org/10.1145/3620666.3651342en
dc.identifier.urihttps://hdl.handle.net/10919/118734en
dc.language.isoenen
dc.publisherACMen
dc.rightsCreative Commons Attribution 4.0 Internationalen
dc.rights.holderThe author(s)en
dc.rights.urihttp://creativecommons.org/licenses/by/4.0/en
dc.titleEnforcing C/C++ Type and Scope at Runtime for Control-Flow and Data-Flow Integrityen
dc.typeArticle - Refereeden
dc.type.dcmitypeTexten

Files

Original bundle
Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
3620666.3651342.pdf
Size:
1.32 MB
Format:
Adobe Portable Document Format
Description:
Published version
License bundle
Now showing 1 - 1 of 1
Name:
license.txt
Size:
1.5 KB
Format:
Item-specific license agreed upon to submission
Description: