On the Effectiveness of Hardware Enforced Control Flow Integrity

dc.contributor.author: Gadient, Austin
dc.date.accessioned: 2017-12-28T02:18:37Z
dc.date.available: 2017-12-28T02:18:37Z
dc.date.issued: 2018-01-03
dc.description.abstract: Defenses such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and stack canaries have been circumvented by recent exploits. As a result, security researchers have turned towards Control Flow Integrity (CFI) to defend systems. Previous attempts to achieve CFI have tried to remain efficient and practical, but were exploitable. The NSA proposed a CFI system which integrates new hardware and program instrumentation. The purpose of this research is to assess and improve this proposal. In this paper, the system is exploited through the development of simple, vulnerable programs. It is shown to be effective in mitigating Jump Oriented Programming (JOP) attacks through an algorithm introduced as part of this work. Finally, different approaches are proposed to improve upon this system while their merits and issues are assessed.
dc.format.extent: 9 pages
dc.identifier.doi: 10.24251/HICSS.2018.696
dc.identifier.isbn: 978-0-9981331-1-9
dc.identifier.uri: http://hdl.handle.net/10125/50585
dc.language.iso: eng
dc.relation.ispartof: Proceedings of the 51st Hawaii International Conference on System Sciences
dc.rights: Attribution-NonCommercial-NoDerivatives 4.0 International
dc.rights.uri: https://creativecommons.org/licenses/by-nc-nd/4.0/
dc.subject: Cyber-of-Things: Cyber Crimes, Cyber Security and Cyber Forensics
dc.subject: CFI, Exploit, Gadget, JOP, ROP
dc.title: On the Effectiveness of Hardware Enforced Control Flow Integrity
dc.type: Conference Paper
dc.type.dcmi: Text

Files

Original bundle
Name: paper0698.pdf
Size: 260.66 KB
Format: Adobe Portable Document Format