research-article

Open access

VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks

Authors:

Mohannad Ismail,

Christopher Jelesnianski,

Changwoo MinAuthors Info & Claims

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Pages 1612 - 1626

https://doi.org/10.1145/3460120.3485376

Published: 13 November 2021 Publication History

Abstract

Most modern software attacks are rooted in memory corruption vulnerabilities, which are capable of altering security-sensitive data (e.g., function pointers) to unintended values. This paper introduces a new security property, the Value Invariant Property (VIP), and HyperSpace, our prototype that enforces VIP on security-sensitive data. HyperSpace safeguards the integrity of "data values" instead of enforcing control/data flow, allowing for low runtime overhead, yet defeating critical attacks effectively. We implement four representative security policies including Control Flow Integrity (VIP-CFI), Code Pointer Integrity (VIP-CPI), Virtual function Table protection (VIP-VTPtr), and heap metadata protection based on HyperSpace. We evaluate HyperSpace with SPEC CPU2006 benchmarks and real-world applications (NGINX and PostgreSQL) and test how HyperSpace defeats memory corruption-based attacks, including three real-world exploits and six attacks that bypass existing defenses (COOP, heap exploits, etc.). Our experimental evaluation shows that HyperSpace successfully stops all these attacks with low runtime overhead: 0.88% and 6.18% average performance overhead for VIP-CFI and VIP-CPI, respectively, and overall approximately 13.18% memory overhead with VIP-CPI in SPEC CPU2006.

References

[1]

Mart'in Abadi, Mihai Budiu, Ulfar Erlingsson, and Jay Ligatti. 2005. Control-flow integrity. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS). Alexandria, VA.

Digital Library

[2]

Periklis Akritidis, Cristian Cadar, Costin Raiciu, Manuel Costa, and Miguel Castro. 2008. Preventing Memory Error Exploits with WIT. In Proceedings of the 2008 IEEE Symposium on Security and Privacy. 263--277.

Digital Library

[3]

Emery D. Berger and Benjamin G. Zorn. 2006. DieHard: Probabilistic Memory Safety for Unsafe Languages. In Proceedings of the 2006 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). Ottawa, Canada.

[4]

Andrea Bittau, Adam Belay, Ali Mashtizadeh, David Mazières, and Dan Boneh. 2014. Hacking blind. In Proceedings of the 35th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[5]

Tyler Bletsch, Xuxian Jiang, Vince W. Freeh, and Zhenkai Liang. 2011. Jump-Oriented Programming: A New Class of Code-Reuse Attack. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS). Hong Kong, China, 30--40.

Digital Library

[6]

Nathan Burow, Scott A Carr, Joseph Nash, Per Larsen, Michael Franz, Stefan Brunthaler, and Mathias Payer. 2017. Control-flow integrity: Precision, security, and performance. ACM Computing Surveys (CSUR), Vol. 50, 1 (2017), 16.

Digital Library

[7]

Nathan Burow, Derrick McKee, Scott A. Carr, and Mathias Payer. 2018. CFIXX: Object Type Integrity for C+ Virtual Dispatch. In Proceedings of the 2018 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[8]

Nathan Burow, Xinping Zhang, and Mathias Payer. 2019. SoK: Shining Light on Shadow Stacks. In Proceedings of the 40th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA.

[9]

Nicholas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R Gross. 2015. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity. In Proceedings of the 24th USENIX Security Symposium (Security). Washington, DC.

[10]

Scott A. Carr and Mathias Payer. 2017. DataShield: Configurable Data Confidentiality and Integrity. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 193--204.

[11]

Miguel Castro, Manuel Costa, and Tim Harris. 2006. Securing Software by Enforcing Data-flow Integrity. In Proceedings of the 7th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Seattle, WA, 147--160.

[12]

Yueqiang Cheng, Zongwei Zhou, Yu Miao, Xuhua Ding, and Robert H Deng. 2014. ROPecker: A generic and practical approach for defending against ROP attack. In Proceedings of the 2014 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[13]

Catalin Cimpanu. 2019. Microsoft: 70 percent of all security bugs are memory safety issues. https://www.zdnet.com/article/microsoft-70-percent-of-all-security-bugs-are-memory-safety-issues/.

[14]

R. Joseph Connor, Tyler McDaniel, Jared M. Smith, and Max Schuchard. 2020. PKU Pitfalls: Attacks on PKU-based Memory Isolation Systems. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, 1409--1426. https://www.usenix.org/conference/usenixsecurity20/presentation/connor

[15]

Thurston H.Y. Dang, Petros Maniatis, and David Wagner. 2017. Oscar: A Practical Page-Permissions-Based Scheme for Thwarting Dangling Pointers. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada.

[16]

Lucas Davi, Ahmad-Reza Sadeghi, Daniel Lehmann, and Fabian Monrose. 2014. Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection. In Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA.

[17]

Dhaval Kapil. 2019. Unlink Exploit. https://heap-exploitation.dhavalkapil.com/attacks/unlink_exploit.html.

[18]

Ren Ding, Chenxiong Qian, Chengyu Song, Bill Harris, Taesoo Kim, and Wenke Lee. 2017. Efficient protection of path-sensitive control security. In Proceedings of the 26th USENIX Security Symposium (Security). Vancouver, BC, Canada, 131--148.

[19]

Dongliang Mu. 2018. CVE-2015--8668. cve-2015--8668-exploit.

[20]

Doug Lea. 2000. A Memory Allocator. http://gee.cs.oswego.edu/dl/html/malloc.html.

[21]

Moritz Eckert, Antonio Bianchi, Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna. 2018. HeapHopper: Bringing Bounded Model Checking to Heap Implementation Security. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD.

[22]

Chris Evans. 2014. The poisoned NUL byte, 2014 edition. https://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html.

[23]

Isaac Evans, Sam Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, and Hamed Okhravi. 2015a. Missing the point (er): On the effectiveness of code pointer integrity. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[24]

Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, and Stelios Sidiroglou-Douskos. 2015b. Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado, 901--913.

Digital Library

[25]

Forum of Incident Response and Security Teams, Inc. 2020 a. Common Vulnerability Scoring System version 3.1 Examples Revision 1. https://www.first.org/cvss/v3--1/cvss-v31-examples_r1.pdf.

[26]

Forum of Incident Response and Security Teams, Inc. 2020 b. Common Vulnerability Scoring System version 3.1 Specification Document Revision 1. https://www.first.org/cvss/v3--1/cvss-v31-specification_r1.pdf.

[27]

Tommaso Frassetto, Patrick Jauernig, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2018. IMIX: in-process memory isolation extension. In Proceedings of the 27th USENIX Conference on Security Symposium. USENIX Association, 83--97.

[28]

Free Software Foundation. 2019. MallocInternals - glibc wiki. https://sourceware.org/glibc/wiki/MallocInternals.

[29]

Xinyang Ge, Weidong Cui, and Trent Jaeger. 2017. Griffin: Guarding control flows using intel processor trace. In Proceedings of the 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). Xi'an, China.

Digital Library

[30]

Will Glozer. 2019. a HTTP benchmarking tool. https://github.com/wg/wrk.

[31]

Enes Göktas, Elias Athanasopoulos, Herbert Bos, and Georgios Portokalidis. 2014. Out of control: Overcoming control-flow integrity. In Proceedings of the 35th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[32]

Enes Göktacs, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, and Herbert Bos. 2016. Undermining Information Hiding (and What to Do about It). In Proceedings of the 25th USENIX Security Symposium (Security). Austin, TX.

[33]

Google. [n.d.]. TCMalloc. https://google.github.io/tcmalloc/.

[34]

Jens Grossklags and Claudia Eckert. 2018. τCFI: Type-Assisted Control Flow Integrity for x86--64 Binaries. In Proceedings of the 21th International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Heraklion, Crete, Greece.

[35]

Yufei Gu, Qingchuan Zhao, Yinqian Zhang, and Zhiqiang Lin. 2017. PT-CFI: Transparent backward-edge control flow violation detection using intel processor trace. In Proceedings of the 7th ACM Conference on Data and Application Security and Privacy (CODASPY). Scottsdale, AZ.

Digital Library

[36]

Hong Hu, Chenxiong Qian, Carter Yagemann, Simon Pak Ho Chung, William R. Harris, Taesoo Kim, and Wenke Lee. 2018. Enforcing Unique Code Target Property for Control-Flow Integrity. In Proceedings of the 25th ACM Conference on Computer and Communications Security (CCS). Toronto, ON, Canada.

Digital Library

[37]

Intel. 2020. Intel CET Answers Call to Protect Against Common Malware Threats. https://newsroom.intel.com/editorials/intel-cet-answers-call-protect-common-malware-threats.

[38]

Intel Corporation. 2019 a. Control-flow Enforcement Technology Specification Revision 3.0. https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf.

[39]

Intel Corporation. 2019 b. Intel 64 and IA-32 Architectures Software Developer's Manual. https://software.intel.com/en-us/articles/intel-sdm.

[40]

Jonathan Corbet. 2004. x86 NX support. https://lwn.net/Articles/87814/.

[41]

Mustakimur Khandaker, Abu Naser, Wenqing Liu, Zhi Wang, Yajin Zhou, and Yueqiang Cheng. 2019 b. Adaptive Call-site Sensitive Control Flow Integrity. In 2019 IEEE European Symposium on Security and Privacy (EuroS&P). IEEE, 95--110.

[42]

Mustakimur Rahman Khandaker, Wenqing Liu, Abu Naser, Zhi Wang, and Jie Yang. 2019 a. Origin-sensitive Control Flow Integrity. In Proceedings of the 28th USENIX Security Symposium (Security). Santa Clara, CA.

[43]

Koen Koning, Xi Chen, Herbert Bos, Cristiano Giuffrida, and Elias Athanasopoulos. 2017a. No Need to Hide: Protecting Safe Regions on Commodity Hardware. In Proceedings of the 12th European Conference on Computer Systems (EuroSys). Belgrade, Serbia, 437--452.

Digital Library

[44]

Koen Koning, Xi Chen, Herbert Bos, Cristiano Giuffrida, and Elias Athanasopoulos. 2017b. No Need to Hide: Protecting Safe Regions on Commodity Hardware. In Proceedings of the 2017 European Conference on Computer Systems. 437--452.

Digital Library

[45]

Volodymyr Kuznetsov, László Szekeres, Mathias Payer, George Candea, R Sekar, and Dawn Song. 2014. Code-Pointer Integrity. In Proceedings of the 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI). Broomfield, Colorado.

Digital Library

[46]

Yuan Li, Mingzhe Wang, Chao Zhang, Xingman Chen, Songtao Yang, and Ying Liu. 2020. Finding Cracks in Shields: On the Security of Control Flow Integrity Mechanisms. In Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security. 1821--1835.

Digital Library

[47]

Yutao Liu, Peitao Shi, Xinran Wang, Haibo Chen, Binyu Zang, and Haibing Guan. 2017. Transparent and efficient CFI enforcement with intel processor trace. In Proceedings of the 23rd IEEE Symposium on High Performance Computer Architecture (HPCA). Austin, TX.

[48]

Microsoft Support. 2017. A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2, Windows XP Tablet PC Edition 2005, and Windows Server 2003. https://support.microsoft.com/en-us/help/875352/a-detailed-description-of-the-data-execution-prevention-dep-feature-in.

[49]

Santosh Nagarakatte, Milo MK Martin, and Steve Zdancewic. 2015. Everything you want to know about pointer-based checking. In 1st Summit on Advances in Programming Languages (SNAPL 2015). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik.

[50]

Santosh Nagarakatte, Jianzhou Zhao, Milo MK Martin, and Steve Zdancewic. 2009. SoftBound: Highly Compatible and Complete Spatial Memory Safety for C. In Proceedings of the 2009 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). Dublin, Ireland.

Digital Library

[51]

Santosh Nagarakatte, Jianzhou Zhao, Milo MK Martin, and Steve Zdancewic. 2010. CETS: Compiler Enforced Temporal Safety for C. In Proceedings of the 2010 International Symposium on Memory Management (ISMM). Toronto, Canada.

Digital Library

[52]

Nandy Narwhals CTF Team. 2017. CVE-2016--10190 Detailed Writeup. https://nandynarwhals.org/cve-2016--10190/.

[53]

Nathan Burow. 2018. CFIXX C+ test suite. https://github.com/HexHive/CFIXX/tree/master/CFIXX-Suite.

[54]

Ben Niu and Gang Tan. 2014. Modular control-flow integrity. In Proceedings of the 2014 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI). Edinburgh, UK.

Digital Library

[55]

Ben Niu and Gang Tan. 2015. Per-input control-flow integrity. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado.

Digital Library

[56]

Gene Novark and Emery D. Berger. 2010. DieHarder: Securing the Heap. In Proceedings of the 17th ACM Conference on Computer and Communications Security (CCS). Chicago, IL, 573--584.

[57]

Angelos Oikonomopoulos, Elias Athanasopoulos, Herbert Bos, and Cristiano Giuffrida. 2016. Poking Holes in Information Hiding. In Proceedings of the 25th USENIX Security Symposium (Security). Austin, TX.

Digital Library

[58]

Oleksii Oleksenko, Dmitrii Kuvaiskii, Pramod Bhatotia, Pascal Felber, and Christof Fetzer. 2018. Intel MPX Explained: A Cross-layer Analysis of the Intel MPX System Stack. Proceedings of the ACM on Measurement and Analysis of Computing Systems (2018).

Digital Library

[59]

Vasilis Pappas, Michalis Polychronakis, and Angelos D Keromytis. 2013. Transparent ROP Exploit Mitigation Using Indirect Branch Tracing. In Proceedings of the 22th USENIX Security Symposium (Security). Washington, DC.

[60]

Soyeon Park, Sangho Lee, Wen Xu, Hyungon Moon, and Taesoo Kim. 2019. Libmpk: Software Abstraction for Intel Memory Protection Keys (Intel MPK). In Proceedings of the 2019 USENIX Annual Technical Conference (ATC). Renton, WA, 241--254.

[61]

Aravind Prakash, Xunchao Hu, and Heng Yin. 2015. vfGuard: Strict Protection for Virtual Function Calls in COTS C+ Binaries. In Proceedings of the 2015 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[62]

Sergej Proskurin, Marius Momeu, Seyedhamed Ghavamnia, Vasileios P. Kemerlis, and Michalis Polychronakis. 2020. xMP: Selective Memory Protection for Kernel and User Space. In Proceedings of the 2020 IEEE Symposium on Security and Privacy. 563--577.

[63]

Qualcomm. 2017. Pointer Authentication on ARMv8.3. https://www.qualcomm.com/media/documents/files/whitepaper-pointer-authentication-on-armv8--3.pdf.

[64]

Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, and Thorsten Holz. 2015. Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C+ Applications. In Proceedings of the 36th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

Digital Library

[65]

Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov. 2012. AddressSanitizer: A fast address sanity checker. In Proceedings of the 2012 USENIX Annual Technical Conference (ATC). Boston, MA, 309--318.

Digital Library

[66]

@sha0coder. 2014. Python - 'socket.recvfrom_into()' Remote Buffer Overflow. https://www.exploit-db.com/exploits/31875

[67]

Hovav Shacham. 2007. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In Proceedings of the 14th ACM Conference on Computer and Communications Security (CCS). Alexandria, VA.

Digital Library

[68]

SHELLPHISH. 2020. Educational Heap Exploitation. https://github.com/shellphish/how2heap.

[69]

Sam Silvestro, Hongyu Liu, Corey Crosser, Zhiqiang Lin, and Tongping Liu. 2017. FreeGuard: A Faster Secure Heap Allocator. In Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS). Dallas, TX.

Digital Library

[70]

Sam Silvestro, Hongyu Liu, Tianyi Liu, Zhiqiang Lin, and Tongping Liu. 2018. Guarder: A Tunable Secure Allocator. In Proceedings of the 27th USENIX Security Symposium (Security). Baltimore, MD.

[71]

Kevin Z Snow, Fabian Monrose, Lucas Davi, Alexandra Dmitrienko, Christopher Liebchen, and Ahmad-Reza Sadeghi. 2013. Just-in-time Code Reuse: On the Effectiveness of Fine-grained Address Space Layout Randomization. In Proceedings of the 34th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA.

Digital Library

[72]

Chengyu Song, Byoungyoung Lee, Kangjie Lu, William Harris, Taesoo Kim, and Wenke Lee. 2016a. Enforcing Kernel Security Invariants with Data Flow Integrity. In Proceedings of the 2016 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[73]

Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, and Yunheung Pack. 2016b. HDFI: Hardware-Assisted Data-flow Isolation. In Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

[74]

The Clang Team. 2019 a. Clang 10 documentation: CONTROL FLOW INTEGRITY. https://clang.llvm.org/docs/ControlFlowIntegrity.html.

[75]

The Clang Team. 2019 b. Clang 10 documentation: SAFESTACK. https://clang.llvm.org/docs/SafeStack.html.

[76]

The PostgreSQL Global Development Group. 2020. pgbench: PostgreSQL Client Applications. https://www.postgresql.org/docs/current/pgbench.html.

[77]

Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, and Geoff Pike. 2014. Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM. In Proceedings of the 23rd USENIX Security Symposium (Security). San Diego, CA.

[78]

Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O Duarte, Michael Sammler, Peter Druschel, and Deepak Garg. 2019. ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK). In Proceedings of the 28th USENIX Security Symposium (Security). Santa Clara, CA, 1221--1238.

[79]

Victor van der Veen, Dennis Andriesse, Enes Göktacs, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, and Cristiano Giuffrida. 2015. Practical context-sensitive CFI. In Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS). Denver, Colorado.

Digital Library

[80]

Victor van der Veen, Enes Göktas, Moritz Contag, Andre Pawoloski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, and Cristiano Giuffrida. 2016. A tough call: Mitigating advanced code-reuse attacks at the binary level. In Proceedings of the 37th IEEE Symposium on Security and Privacy (Oakland). San Jose, CA.

[81]

Insu Yun, Dhaval Kapil, and Taesoo Kim. 2020. Automatic Techniques to Systematically Discover New Heap Exploitation Primitives. In Proceedings of the 29th USENIX Security Symposium (Security). Boston, MA.

Digital Library

[82]

Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, and Dawn Song. 2015. VTint: Protecting Virtual Function Tables' Integrity. In Proceedings of the 2015 Annual Network and Distributed System Security Symposium (NDSS). San Diego, CA.

[83]

Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, and Wei Zou. 2013. Practical control flow integrity and randomization for binary executables. In Proceedings of the 34th IEEE Symposium on Security and Privacy (Oakland). San Francisco, CA.

[84]

Mingwei Zhang and R Sekar. 2013. Control Flow Integrity for COTS Binaries. In Proceedings of the 22th USENIX Security Symposium (Security). Washington, DC.

[85]

Tong Zhang, Dongyoon Lee, and Changhee Jung. 2019. BOGO: Buy Spatial Memory Safety, Get Temporal Memory Safety (Almost) Free. In Proceedings of the 24th ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS). Providence, RI, 631--644.

Digital Library

[86]

Philipp Zieris and Julian Horsch. 2018. A leak-resilient dual stack scheme for backward-edge control-flow integrity. In Proceedings of the 2018 on Asia Conference on Computer and Communications Security. 369--380.

Digital Library

Cited By

Narayan SGarfinkel TJohnson EYedidia ZWang YBrown AVahldiek-Oberwagner ALeMay MHuang WWang XSun MTullsen DStefan DEeckhout LSmaragdakis GLiang KSampson AKim MRossbach C(2025)Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern ArchitecturesProceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 110.1145/3669940.3707249(987-1002)Online publication date: 3-Feb-2025
https://dl.acm.org/doi/10.1145/3669940.3707249
Wei JChen P(2024)DSLR–Journal of Computer Security10.3233/JCS-23005332:3(221-246)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.3233/JCS-230053
Xiang HCheng ZLi JMa JLu KLuo BLiao XXu JKirda ELie D(2024)Boosting Practical Control-Flow Integrity with Complete Field Sensitivity and Origin AwarenessProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670308(4524-4538)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670308
Show More Cited By

Index Terms

VIP: Safeguard Value Invariant Property for Thwarting Critical Memory Corruption Attacks
1. Security and privacy
  1. Software and application security
  2. Systems security

Recommendations

Automatic diagnosis and response to memory corruption vulnerabilities
CCS '05: Proceedings of the 12th ACM conference on Computer and communications security

Cyber attacks against networked computers have become relentless in recent years. The most common attack method is to exploit memory corruption vulnerabilities such as buffer overflow and format string bugs. This paper presents a technique to ...
Smokestack: thwarting DOP attacks with runtime stack layout randomization
CGO 2019: Proceedings of the 2019 IEEE/ACM International Symposium on Code Generation and Optimization

Memory corruption vulnerabilities in type-unsafe languages are often exploited to perform a control-flow hijacking attack, in which an attacker uses vulnerabilities to corrupt control data in the program to eventually gain control over the execution of ...
Defeating Memory Corruption Attacks via Pointer Taintedness Detection
DSN '05: Proceedings of the 2005 International Conference on Dependable Systems and Networks

Most malicious attacks compromise system security through memory corruption exploits. Recently proposed techniques attempt to defeat these attacks by protecting program control data. We have constructed a new class of attacks that can compromise network ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

November 2021

3558 pages

ISBN:9781450384544

DOI:10.1145/3460120

General Chairs:
Yongdae Kim
KAIST, Republic of Korea
,
Jong Kim
POSTECH, Republic of Korea
,
Program Chairs:
Giovanni Vigna
University of California, Santa Barbara / VMware, USA
,
Elaine Shi
Carnegie Mellon University, USA

Copyright © 2021 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 13 November 2021

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Office of Naval Research

Conference

CCS '21

Sponsor:

SIGSAC

CCS '21: 2021 ACM SIGSAC Conference on Computer and Communications Security

November 15 - 19, 2021

Virtual Event, Republic of Korea

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
933
Total Downloads

Downloads (Last 12 months)306
Downloads (Last 6 weeks)43

Reflects downloads up to 08 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Narayan SGarfinkel TJohnson EYedidia ZWang YBrown AVahldiek-Oberwagner ALeMay MHuang WWang XSun MTullsen DStefan DEeckhout LSmaragdakis GLiang KSampson AKim MRossbach C(2025)Segue & ColorGuard: Optimizing SFI Performance and Scalability on Modern ArchitecturesProceedings of the 30th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 110.1145/3669940.3707249(987-1002)Online publication date: 3-Feb-2025
https://dl.acm.org/doi/10.1145/3669940.3707249
Wei JChen P(2024)DSLR–Journal of Computer Security10.3233/JCS-23005332:3(221-246)Online publication date: 17-Jun-2024
https://dl.acm.org/doi/10.3233/JCS-230053
Xiang HCheng ZLi JMa JLu KLuo BLiao XXu JKirda ELie D(2024)Boosting Practical Control-Flow Integrity with Complete Field Sensitivity and Origin AwarenessProceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security10.1145/3658644.3670308(4524-4538)Online publication date: 2-Dec-2024
https://dl.acm.org/doi/10.1145/3658644.3670308
Ismail MJelesnianski CJang YMin CXiong WTsafrir DMusuvathi MGupta RAbu-Ghazaleh N(2024)Enforcing C/C++ Type and Scope at Runtime for Control-Flow and Data-Flow IntegrityProceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3620666.3651342(283-300)Online publication date: 27-Apr-2024
https://dl.acm.org/doi/10.1145/3620666.3651342
Jelesnianski CIsmail MJang YWilliams DMin CAamodt TJerger NSwift M(2023)Protect the System Call, Protect (Most of) the World with BASTIONProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3582016.3582066(528-541)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3582016.3582066
Song SPark SKwon D(2023)metaSafer: A Technique to Detect Heap Metadata Corruption in WebAssemblyIEEE Access10.1109/ACCESS.2023.332781711(124887-124898)Online publication date: 2023
https://doi.org/10.1109/ACCESS.2023.3327817

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten