35th Annual Computer Security Applications Conference (ACSAC 2019)

Full Program »
Paper
View File
ACM
Presentation
View File
pdf

Analyzing Control Flow Integrity with LLVM-CFI

Control-flow hijacking attacks are used to perform malicious computations. Current solutions for assessing the attack surface after a control flow integrity (CFI) policy was applied can measure only indirect transfer averages in the best case without providing any insights w.r.t. the absolute calltarget reduction per callsite, and gadget availability. Further, tool comparison is underdeveloped or not possible at all. CFI has proven to be one of the most promising protections against control flow hijacking attacks, thus many efforts have been made in the past to improve CFI in various ways. However, there is a lack of systematic assessment of existing CFI protections.

Therefore in this paper, we present LLVM-CFI, a static source code analysis framework for analyzing state-of-the-art static CFI protections based on the Clang/LLVM compiler framework. LLVM-CFI works by precisely modeling a CFI policy and then evaluating it within a unified approach. LLVM-CFI helps determine the level of security offered by different CFI protections, after the CFI protections were deployed, thus providing an important step towards exploit creation/prevention and stronger defenses. We have used LLVM-CFI to assess eight state-of-the-art static CFI defenses on real-world programs such as Google Chrome and Apache Httpd. LLVM-CFI provides a precise analysis of the residual attack surfaces, and accordingly ranks CFI policies against each other. LLVM-CFI also successfully paves the way towards construction of COOP-like code reuse attacks and elimination of the remaining attack surface by disclosing protected calltargets under eight restrictive CFI policies.

Paul Muntean
Technical University of Munich

Matthias Neumayer
Technical University of Munich

Zhiqiang Lin
Ohio State University

Gang Tan
Penn State University

Jens Grossklags
Technical University of Munich

Claudia Eckert
Technical University of Munich

 



Powered by OpenConf®
Copyright©2002-2020 Zakon Group LLC