Please use this identifier to cite or link to this item: http://hdl.handle.net/10125/50585

On the Effectiveness of Hardware Enforced Control Flow Integrity

File Size Format  
paper0698.pdf 260.66 kB Adobe PDF View/Open

Item Summary

Title:On the Effectiveness of Hardware Enforced Control Flow Integrity
Authors:Gadient, Austin
Keywords:Cyber-of-Things: Cyber Crimes, Cyber Security and Cyber Forensics
CFI, Exploit, Gadget, JOP, ROP
Date Issued:03 Jan 2018
Abstract:Defenses such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and stack canaries have been circumvented by recent exploits. As a result, security researchers have turned towards Control Flow Integrity (CFI) to defend systems. Previous attempts to achieve CFI have tried to remain efficient and practical, but were exploitable. The NSA proposed a CFI system which integrates new hardware and program instrumentation. The purpose of this research is to assess and improve this proposal. In this paper, the system is exploited through the development of simple, vulnerable programs. It is shown to be effective in mitigating Jump Oriented Programming (JOP) attacks through an algorithm introduced as part of this work. Finally, different approaches are proposed to improve upon this system while their merits and issues are assessed.
Pages/Duration:9 pages
URI:http://hdl.handle.net/10125/50585
ISBN:978-0-9981331-1-9
DOI:10.24251/HICSS.2018.696
Rights:Attribution-NonCommercial-NoDerivatives 4.0 International
https://creativecommons.org/licenses/by-nc-nd/4.0/
Appears in Collections: Cyber-of-Things: Cyber Crimes, Cyber Security and Cyber Forensics


Please email libraryada-l@lists.hawaii.edu if you need this content in ADA-compliant format.

This item is licensed under a Creative Commons License Creative Commons