Measuring the Efficiency of Control-Flow Integrity Through Dynamic Context

  • Pedro T. Delboni UNICAMP
  • João Moreira UNICAMP
  • Sandro Rigo UNICAMP

Abstract

Control-flow hijacking is an attack that exploits corruption of the memory holding a code pointer in order to execute arbitrary computation on the target system. These vulnerabilities are mitigated by control-flow integrity (CFI) policies, which restrict the possible targets of the jumps that use such pointers. Since computing the perfect restriction is computationally infeasible, metrics are used to compare the security of different policies. In this paper we propose two metrics that take the dynamic execution context into account and show how they can be used to guide the development of more restrictive control-flow policies.
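To make the idea of measuring a CFI policy against dynamic context concrete, the following added example (not code from the paper, and not the two metrics the authors propose) models a signature-based CFI policy that allows an indirect call site to reach any function of matching type, then compares the statically allowed target set with the targets actually reached under each calling context in a constructed execution trace. All function names, call sites and the trace are constructed for illustration; the "slack" metric is a hypothetical, simplified stand-in for the kind of context-aware measure the abstract describes.

```python
from collections import defaultdict

# Constructed example: functions with C-like signatures. Under a type-based
# CFI policy an indirect call may only land on a function whose signature
# matches the function-pointer type dereferenced at the call site.
FUNCTIONS = {
    "read_cb":  "int(char*)",
    "write_cb": "int(char*)",
    "close_cb": "int(char*)",
    "on_error": "void(int)",
    "on_done":  "void(int)",
}

# Constructed indirect call sites and the pointer type each one dereferences.
CALL_SITES = {
    "dispatch@io.c:40":  "int(char*)",
    "notify@event.c:12": "void(int)",
}

def static_targets(site):
    """Targets allowed by a signature-based (context-free) CFI policy."""
    sig = CALL_SITES[site]
    return {f for f, s in FUNCTIONS.items() if s == sig}

# Constructed dynamic trace: (call site, calling context, actual target).
# The context is the caller of the function containing the site, i.e. a
# one-level call-path context; deeper paths would work the same way.
TRACE = [
    ("dispatch@io.c:40",  "open_file", "read_cb"),
    ("dispatch@io.c:40",  "open_file", "read_cb"),
    ("dispatch@io.c:40",  "flush",     "write_cb"),
    ("dispatch@io.c:40",  "shutdown",  "close_cb"),
    ("notify@event.c:12", "main",      "on_done"),
    ("notify@event.c:12", "worker",    "on_error"),
    ("notify@event.c:12", "worker",    "on_done"),
]

def observed_targets(trace):
    """Set of targets actually reached for each (site, context) pair."""
    seen = defaultdict(set)
    for site, ctx, target in trace:
        seen[(site, ctx)].add(target)
    return seen

def static_metric(sites):
    """Average allowed-target-set size under the static policy (a
    context-free measure in the spirit of average indirect-target size)."""
    sizes = [len(static_targets(s)) for s in sites]
    return sum(sizes) / len(sizes)

def context_metric(trace):
    """Hypothetical context-aware measure: average, over executed
    (site, context) pairs, of the number of statically allowed targets that
    were never reached in that context. Zero means the static policy is as
    tight as the observed contexts permit; larger values show where a
    context-sensitive policy could shrink the target set."""
    seen = observed_targets(trace)
    slack = [len(static_targets(site) - targets)
             for (site, _), targets in seen.items()]
    return sum(slack) / len(slack)

def slack_by_site(trace):
    """Per site, the largest number of allowed-but-unreached targets over
    its observed contexts; useful to rank sites for policy refinement."""
    seen = observed_targets(trace)
    worst = defaultdict(int)
    for (site, _), targets in seen.items():
        worst[site] = max(worst[site], len(static_targets(site) - targets))
    return dict(worst)

if __name__ == "__main__":
    print("static metric:", static_metric(CALL_SITES))
    print("context metric:", context_metric(TRACE))
    print("slack by site:", slack_by_site(TRACE))
```

In this constructed trace the static policy allows three targets at the `dispatch` site, yet each calling context only ever reaches one of them, so the per-context slack is 2 there; at the `notify` site one context reaches both allowed targets, so the static policy is already tight for that context. Ranking sites by such slack is one way to direct effort toward the call sites where a more restrictive, context-sensitive policy would pay off.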

Published
13/10/2020
DELBONI, Pedro T.; MOREIRA, João; RIGO, Sandro. Mensurando a Eficiência do Controle de Integridade de Fluxo Através do Contexto Dinâmico. In: SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20., 2020, Petrópolis. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020. p. 450-463. DOI: https://doi.org/10.5753/sbseg.2020.19256.
