Title: Control-Flow Bending:On the Effectiveness of Control-Flow Integrity
Author: N Carlini, A Barresi, M Payer, D Wagner, TR Gross
Publish: USENIX Security, 2015
------------------------------------------------------------
摘要部分(原文):
Control-Flow Integrity (CFI) is a defense which prevents control-flow hijacking attacks. While recent research has shown that coarse-grained CFI does not stop attacks, fine-grained CFI is believed to be secure.
We argue that assessing the effectiveness of practical CFI implementations is non-trivial and that common evaluation metrics fail to do so. We then evaluate fullyprecise static CFI — the most restrictive CFI policy that does not break functionality — and reveal limitations in its security. Using a generalization of non-control-data attacks which we call Control-Flow Bending (CFB), we show how an attacker can leverage a memory corruption vulnerability to achieve Turing-complete computation on memory using just calls to the standard library. We use this attack technique to evaluate fully-precise static CFI on six real binaries and show that in five out of six cases, powerful attacks are still possible. Our results suggest that CFI may not be a reliable defense against memory corruption vulnerabilities.
We further evaluate shadow stacks in combination with CFI and find that their presence for security is necessary: deploying shadow stacks removes arbitrary code execution capabilities of attackers in three of six cases.
------------------------------------------------------------
个人总结:
针对于内存保护三大方法的局限性:
1.ASLR:does not protect against information leakage
2.DEP:DEP protects against code injection but not against code reuse
3.stack canaries:protect only against contiguous overwrites of the stack
论文阅读总结 Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
原文:http://www.cnblogs.com/lzhdcyy/p/6409723.html