Browse > Article
http://dx.doi.org/10.13089/JKIISC.2012.22.5.1159

Precise control flow protection based on source code  

Lee, JongHyup (Korea National University of Transportation)
Kim, Yong Seung (Korea National University of Transportation)
Publication Information
Journal of the Korea Institute of Information Security & Cryptology / v.22, no.5, 2012 , pp. 1159-1168 More about this Journal
Abstract
Control Flow Integrity(CFI) and Control Flow Locking(CFL) prevent unintended execution of software and provide integrity in control flow. Attackers, however, can still hijack program controls since CFI and CFL does not support fine-granularity, context-sensitive protection. In this paper, we propose a new CFI scheme, Source-code CFI(SCFI), to overcome the problems. SCFI provides context-sensitive locking for control flow. Thus, the proposed approach protects software against the attacks on the previous CFI and CFL schemes and improves safety.
Keywords
Software Security; Control Flow Integrity;
Citations & Related Records
Times Cited By KSCI : 1  (Citation Analysis)
연도 인용수 순위
1 Address space layout randomization, http://pax.grsecurity.net/docs/aslr.txt
2 R. Wahbe, S. Lucco, T. Anderson, and S. Graham, "Efficient software-based fault isolation," Proceedings of the 14th ACM symposium on Operating systems principles (SOSP), pp. 203-216, Dec. 1993.
3 S. McCamant and G. Morrisett. "Efficient, verifiable binary sandboxing for a CISC architecture," MIT Technical Report MIT-CSAIL-TR-2005-030, MIT, May. 2005.
4 M. Abadi, M. Budiu, U. Erlingsson, and J. Ligatti, "Control-flow integrity principles, implementations, and applications," ACM Transactions on Information and System Security (TISSEC), vol. 13, no. 1, pp. 1-40, Oct. 2009.
5 T. Bletsch, X. Jiang, and V. Freeh, "Mitigating code-reuse attacks with control-flow locking," Proceedings of the 27th Annual Computer Security Applications Conference, pp. 353-362, Dec. 2011.
6 G. Necula, S. McPeak, and S. Rahul, "CIL: Intermediate language and tools for analysis and transformation of C programs," Proceedings of International Conference on Compiler Construction, pp. 213-228, Jan. 2002.
7 이종협, "단편화된 실행파일을 위한 데이터 구조 역공학 기법," 한국정보보호학회논문지, 22(3), pp. 615-619, 2012년 6월.