Open access
Datum
2014Typ
- Report
ETH Bibliographie
yes
Altmetrics
Abstract
Applications written in low-level languages without type or memory safety are especially prone to memory corruption. Attackers gain code execution capabilities through such applications despite all currently deployed defenses by exploiting memory corruption vulnerabilities. Control-Flow Integrity (CFI) is a promising defense mechanism that restricts open control-flow transfers to a static set of well-known locations. We present Lockdown, an approach to dynamic CFI that protects legacy, binary-only executables and libraries. Lockdown adaptively learns the control-flow graph of a running process using information from a trusted dynamic loader. The sandbox component of Lockdown restricts interactions between different shared objects to imported and exported functions by enforcing fine-grained CFI checks. Our prototype implementation shows that dynamic CFI results in low performance overhead. Mehr anzeigen
Persistenter Link
https://doi.org/10.3929/ethz-a-010171214Publikationsstatus
publishedZeitschrift / Serie
Technical Report / ETH Zurich, Department of Computer ScienceVerlag
ETH-ZürichThema
DATA SECURITY + DATA PROTECTION (OPERATING SYSTEMS); SPEICHERORGANISATION + SPEICHERVERWALTUNG (BETRIEBSSYSTEME); SPECIAL PROGRAMMING METHODS; SPEZIELLE PROGRAMMIERMETHODEN; STORAGE MANAGEMENT + MEMORY MANAGEMENT (OPERATING SYSTEMS); DATENSICHERHEIT + DATENSCHUTZ (BETRIEBSSYSTEME)Organisationseinheit
02150 - Dep. Informatik / Dep. of Computer Science03422 - Gross, Thomas (emeritus) / Gross, Thomas (emeritus)
ETH Bibliographie
yes
Altmetrics