Annual Computer Security Applications Conference 2015


Binary Code Continent: Finer-Grained Control Flow Integrity for Stripped Binaries


Control Flow Integrity (CFI) is an effective technique for mitigating threats such as code-injection and code-reuse attacks by protecting a program's indirect control transfers. For stripped binaries, a CFI policy has to be made conservatively because source-level semantics are unavailable. Existing binary-only CFI solutions such as BinCFI and CCFIR demonstrate the ability to protect stripped binaries, but the policies they apply are too permissive and still allow sophisticated code-reuse attacks. In this paper, we propose a new binary-only CFI protection scheme called BinCC, which applies static binary rewriting to provide finer-grained protection for x86 stripped ELF binaries. Through code duplication and static analysis, we divide the binary code into several mutually exclusive code continents. We further classify each indirect transfer within a code continent as either an Intra-Continent transfer or an Inter-Continent transfer, and apply separate, strict CFI policies to constrain each kind of transfer. To evaluate BinCC, we introduce new metrics that estimate the average number of legitimate targets of each kind of indirect transfer, as well as the difficulty of leveraging call-preceded gadgets to build ROP exploits. Compared to the state-of-the-art binary-only CFI, BinCFI, the experimental results show that BinCC reduces the number of legitimate transfer targets by 81.34% and increases the difficulty for adversaries to bypass the CFI restriction and launch sophisticated ROP attacks. BinCC also achieves reasonable performance: compared to BinCFI, space overhead decreases by around 14% and runtime overhead increases by only 4%.
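The abstract's Intra-/Inter-Continent classification and its "average legitimate targets" metric, as an added toy model that is not BinCC's code or algorithm: the program, the continent assignment, the call sites and both policies (a coarse policy that admits any function entry, and a continent-restricted one) are constructed assumptions for illustration only.

```python
from statistics import mean

# Constructed example program: function name -> code continent id.
# Continents are mutually exclusive, as in the abstract.
CONTINENTS = {
    "main": 0, "parse": 0, "dispatch": 0, "walk": 0,
    "handler_a": 1, "handler_b": 1, "handler_c": 1, "cleanup": 1,
    "log": 2, "flush": 2,
}

# Constructed indirect call sites: site -> (calling function, observed targets).
INDIRECT_CALLS = {
    "walk+0x12":     ("walk", {"parse", "walk"}),                          # stays in continent 0
    "dispatch+0x3a": ("dispatch", {"handler_a", "handler_b", "handler_c"}), # 0 -> 1
    "cleanup+0x08":  ("cleanup", {"log", "flush"}),                         # 1 -> 2
    "main+0x40":     ("main", {"log"}),                                     # 0 -> 2
}

def classify(site):
    """Intra-Continent if every target lies in the caller's continent, else Inter-Continent."""
    caller, targets = INDIRECT_CALLS[site]
    home = CONTINENTS[caller]
    return "intra" if all(CONTINENTS[t] == home for t in targets) else "inter"

def coarse_targets(site):
    """Modelled coarse binary-only policy (assumption): any function entry is a legal target."""
    return set(CONTINENTS)

def continent_targets(site):
    """Modelled continent-restricted policy (assumption): intra transfers may only reach
    entries in the caller's own continent; inter transfers only entries in the destination
    continents the analysis identified for that site."""
    caller, targets = INDIRECT_CALLS[site]
    home = CONTINENTS[caller]
    allowed = {home} if classify(site) == "intra" else {CONTINENTS[t] for t in targets}
    return {f for f, c in CONTINENTS.items() if c in allowed}

def average_targets(policy, kind=None):
    """Average number of legitimate targets per indirect call site under `policy`,
    optionally restricted to one kind of transfer ("intra" or "inter")."""
    sites = [s for s in INDIRECT_CALLS if kind is None or classify(s) == kind]
    return mean(len(policy(s)) for s in sites)

def reduction_percent():
    """Percentage reduction in average legitimate targets, coarse policy vs continent policy."""
    coarse = average_targets(coarse_targets)
    fine = average_targets(continent_targets)
    return round(100 * (coarse - fine) / coarse, 2)

if __name__ == "__main__":
    for s in INDIRECT_CALLS:
        print(s, classify(s), len(coarse_targets(s)), "->", len(continent_targets(s)))
    print("reduction:", reduction_percent(), "%")
```

On the constructed program the continent policy cuts the average from 10 targets per site to 3, a 70% reduction; the paper's 81.34% figure is measured on real binaries with BinCC's actual analysis, which this model does not reproduce.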

Author(s):

Minghua Wang
Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Department of EECS, Syracuse University
China

Heng Yin
Department of EECS, Syracuse University
United States

Abhishek Vasisht Bhaskar
Department of EECS, Syracuse University
India

Purui Su
Trusted Computing and Information Assurance Laboratory, State Key Laboratory of Computer Science, Institute of Software, Chinese Academy of Sciences
China

Dengguo Feng
Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences
China

