SlideShare a Scribd company logo

Practical Challenges of Type Checking in Control Flow Integrity

Sajjad "JJ" Arshad
Sajjad "JJ" Arshad

IEEE Secure Development Conference (SecDev) Poster Session Boston, MA, USA, September 2017

Science
1 of 1
Download to read offline
Practical Challenges of Type Checking in Control Flow Integrity Reza Mirzazade Farkhani; Sajjad Arshad; Saman Jafari Northeastern University Reza Mirzazade Farkhani Northeastern University Email: reza@iseclab.org Contac t 1. Shacham, Hovav, et al. ”On the effectiveness of address-space randomization.” Proceedings of the 11th ACM conference on Computer and communications security. ACM, 2004. 2. Abadi, Martn, et al. “Control-flow integrity.” Proceedings of the 12th ACM conference on Computer and communications security. ACM, 2005. Reference s Type checking • In this research, we have studied the implications of creating a restrictive CFI with type matching and propose some solutions to improve the accuracy of the CFG. • Combining the result of points-to analysis and type checking can result in a more precise CFG. • By pruning the CFG with type matching, a more precise CFG would be available. This purging decreases the chance of a practical attack on CFI, but it faces numerous practical deployment challenges. Conclusions App Version FP Function Collision FP ICS Function nginx 1.10.1 84 1299 48 34 121 httpd 2.4.25 248 2800 64 101 483 lighttpd 1.4.45 27 899 10 47 40 exim 4.90 43 968 17 179 319 Results Chart 1. Type collision with glibc • Lack of memory management in unsafe programming languages such as C/C++ has been introducing significant threats to the applications. • It has been shown that defenses such as ASLR and DEP can be bypassed by motivated attackers[1]. • Control Flow Integrity (CFI) is introduced to enforce the application’s control flow to adhere to the statically generated Control Flow Graph (CFG).[2] • The effectiveness of CFI depends on the ability to construct an accurate CFG. • Type checking only allows control transfers if the types of the caller and the callee match [3][4]. Problem Statement • Type checking, indeed, faces numerous practical challenges for deployment in C and C++ such as type collision, type diversification and covariant return type. • There are some types such as void * that can be matched with any other type. • Resolving collisions requires global type diversification which complicates dynamic loading of libraries and separate compilation. Table 1. Type collision in popular applications Figure 2. CFG of the program based on type Figure 1. Sample vulnerable source code 3. van der Veen, Victor, et al. ”A tough call: Mitigating advanced code reuse attacks at the binary level.” Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 2016. 4. Tice, Caroline, et al. ”Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM.” USENIX Security Symposium. 2014.

Recommended

Software dependencies, work dependencies and Failure Proneness
Software dependencies, work dependencies and Failure PronenessSoftware dependencies, work dependencies and Failure Proneness
Software dependencies, work dependencies and Failure PronenessMuthukumaran Kasinathan
 
Standardizing Source Code Security Audits
Standardizing Source Code Security AuditsStandardizing Source Code Security Audits
Standardizing Source Code Security Auditsijseajournal
 
First Principles Vulnerability Assessment
First Principles Vulnerability AssessmentFirst Principles Vulnerability Assessment
First Principles Vulnerability AssessmentManuel Brugnoli
 
Partitioning composite code changes to facilitate code review
Partitioning composite code changes to facilitate code reviewPartitioning composite code changes to facilitate code review
Partitioning composite code changes to facilitate code reviewYida Tao
 
Cross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive MeasuresCross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive MeasuresIRJET Journal
 
Dupressoir
DupressoirDupressoir
Dupressoiranesah
 
De-virtualizing virtual Function Calls using various Type Analysis Technique...
De-virtualizing virtual Function Calls using various Type Analysis Technique...De-virtualizing virtual Function Calls using various Type Analysis Technique...
De-virtualizing virtual Function Calls using various Type Analysis Technique...IOSR Journals
 
SOHIL_RM (1).pptx
SOHIL_RM (1).pptxSOHIL_RM (1).pptx
SOHIL_RM (1).pptxSanketPatel295815
 

Recommended

Software dependencies, work dependencies and Failure Proneness
Software dependencies, work dependencies and Failure PronenessSoftware dependencies, work dependencies and Failure Proneness
Software dependencies, work dependencies and Failure PronenessMuthukumaran Kasinathan
 
Standardizing Source Code Security Audits
Standardizing Source Code Security AuditsStandardizing Source Code Security Audits
Standardizing Source Code Security Auditsijseajournal
 
First Principles Vulnerability Assessment
First Principles Vulnerability AssessmentFirst Principles Vulnerability Assessment
First Principles Vulnerability AssessmentManuel Brugnoli
 
Partitioning composite code changes to facilitate code review
Partitioning composite code changes to facilitate code reviewPartitioning composite code changes to facilitate code review
Partitioning composite code changes to facilitate code reviewYida Tao
 
Cross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive MeasuresCross Site Scripting Attacks and Preventive Measures
Cross Site Scripting Attacks and Preventive MeasuresIRJET Journal
 
Dupressoir
DupressoirDupressoir
Dupressoiranesah
 
De-virtualizing virtual Function Calls using various Type Analysis Technique...
De-virtualizing virtual Function Calls using various Type Analysis Technique...De-virtualizing virtual Function Calls using various Type Analysis Technique...
De-virtualizing virtual Function Calls using various Type Analysis Technique...IOSR Journals
 
SOHIL_RM (1).pptx
SOHIL_RM (1).pptxSOHIL_RM (1).pptx
SOHIL_RM (1).pptxSanketPatel295815
 
Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...Mumbai Academisc
 
Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...
Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...
Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...IJERA Editor
 
4213ijsea04
4213ijsea044213ijsea04
4213ijsea04ijseajournal
 
THE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELS
THE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELSTHE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELS
THE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELSIJSEA
 
A26001006
A26001006A26001006
A26001006IJERA Editor
 
Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...IJECEIAES
 
Rational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability AssessmentRational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability AssessmentVESIT/University of Mumbai
 
Resource Allocation for Antivirus Cloud Appliances
Resource Allocation for Antivirus Cloud AppliancesResource Allocation for Antivirus Cloud Appliances
Resource Allocation for Antivirus Cloud AppliancesIOSR Journals
 
H017445260
H017445260H017445260
H017445260IOSR Journals
 
A fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsA fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsUltraUploader
 
A new approach for formal behavioral
A new approach for formal behavioralA new approach for formal behavioral
A new approach for formal behavioralijfcstjournal
 
Deception towards Moving Target Defense
Deception towards Moving Target DefenseDeception towards Moving Target Defense
Deception towards Moving Target DefenseBasirudin Rachman Djamaluddin
 
A Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid TechniqueA Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid TechniqueINFOGAIN PUBLICATION
 
Dependency Injection & IoC
Dependency Injection & IoCDependency Injection & IoC
Dependency Injection & IoCDennis Loktionov
 
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation AnalysisA New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysisijceronline
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
 
Consistency of data replication
Consistency of data replicationConsistency of data replication
Consistency of data replicationijitjournal
 
Verification of the protection services in antivirus systems by using nusmv m...
Verification of the protection services in antivirus systems by using nusmv m...Verification of the protection services in antivirus systems by using nusmv m...
Verification of the protection services in antivirus systems by using nusmv m...ijfcstjournal
 
An Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxAn Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxnettletondevon
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 

More Related Content

Similar to Practical Challenges of Type Checking in Control Flow Integrity

Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysisAsif Anik
 
Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...Mumbai Academisc
 
Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...
Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...
Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...IJERA Editor
 
THE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELS
THE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELSTHE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELS
THE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELSIJSEA
 
Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...IJECEIAES
 
Rational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability AssessmentRational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability AssessmentVESIT/University of Mumbai
 
Resource Allocation for Antivirus Cloud Appliances
Resource Allocation for Antivirus Cloud AppliancesResource Allocation for Antivirus Cloud Appliances
Resource Allocation for Antivirus Cloud AppliancesIOSR Journals
 
A fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsA fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsUltraUploader
 
A new approach for formal behavioral
A new approach for formal behavioralA new approach for formal behavioral
A new approach for formal behavioralijfcstjournal
 
A Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid TechniqueA Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid TechniqueINFOGAIN PUBLICATION
 
Dependency Injection & IoC
Dependency Injection & IoCDependency Injection & IoC
Dependency Injection & IoCDennis Loktionov
 
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation AnalysisA New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysisijceronline
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...AM Publications
 
Consistency of data replication
Consistency of data replicationConsistency of data replication
Consistency of data replicationijitjournal
 
Verification of the protection services in antivirus systems by using nusmv m...
Verification of the protection services in antivirus systems by using nusmv m...Verification of the protection services in antivirus systems by using nusmv m...
Verification of the protection services in antivirus systems by using nusmv m...ijfcstjournal
 
An Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxAn Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxnettletondevon
 

Similar to Practical Challenges of Type Checking in Control Flow Integrity (20)

Presentation on vulnerability analysis
Presentation on vulnerability analysisPresentation on vulnerability analysis
Presentation on vulnerability analysis
 
Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...Layered approach using conditional random fields for intrusion detection (syn...
Layered approach using conditional random fields for intrusion detection (syn...
 
Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...
Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...
Detecting Aspect Intertype Declaration Interference at Aspect Oriented Design...
 
4213ijsea04
4213ijsea044213ijsea04
4213ijsea04
 
THE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELS
THE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELSTHE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELS
THE REMOVAL OF NUMERICAL DRIFT FROM SCIENTIFIC MODELS
 
A26001006
A26001006A26001006
A26001006
 
Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...Automated server-side model for recognition of security vulnerabilities in sc...
Automated server-side model for recognition of security vulnerabilities in sc...
 
Rational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability AssessmentRational Unified Treatment for Web Application Vulnerability Assessment
Rational Unified Treatment for Web Application Vulnerability Assessment
 
Resource Allocation for Antivirus Cloud Appliances
Resource Allocation for Antivirus Cloud AppliancesResource Allocation for Antivirus Cloud Appliances
Resource Allocation for Antivirus Cloud Appliances
 
H017445260
H017445260H017445260
H017445260
 
A fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flowsA fast static analysis approach to detect exploit code inside network flows
A fast static analysis approach to detect exploit code inside network flows
 
A new approach for formal behavioral
A new approach for formal behavioralA new approach for formal behavioral
A new approach for formal behavioral
 
Deception towards Moving Target Defense
Deception towards Moving Target DefenseDeception towards Moving Target Defense
Deception towards Moving Target Defense
 
A Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid TechniqueA Novel Approach for Code Clone Detection Using Hybrid Technique
A Novel Approach for Code Clone Detection Using Hybrid Technique
 
Dependency Injection & IoC
Dependency Injection & IoCDependency Injection & IoC
Dependency Injection & IoC
 
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation AnalysisA New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
 
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
Vulnerability Analysis of 802.11 Authentications and Encryption Protocols: CV...
 
Consistency of data replication
Consistency of data replicationConsistency of data replication
Consistency of data replication
 
Verification of the protection services in antivirus systems by using nusmv m...
Verification of the protection services in antivirus systems by using nusmv m...Verification of the protection services in antivirus systems by using nusmv m...
Verification of the protection services in antivirus systems by using nusmv m...
 
An Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docxAn Overview of Cyber Attack and Computer Network Operations Si.docx
An Overview of Cyber Attack and Computer Network Operations Si.docx
 

More from Sajjad "JJ" Arshad

Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildSajjad "JJ" Arshad
 
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...Sajjad "JJ" Arshad
 
Large-Scale Analysis of Style Injection by Relative Path Overwrite
Large-Scale Analysis of Style Injection by Relative Path OverwriteLarge-Scale Analysis of Style Injection by Relative Path Overwrite
Large-Scale Analysis of Style Injection by Relative Path OverwriteSajjad "JJ" Arshad
 
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareUNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareSajjad "JJ" Arshad
 
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads
Tracing Information Flows Between Ad Exchanges Using Retargeted AdsTracing Information Flows Between Ad Exchanges Using Retargeted Ads
Tracing Information Flows Between Ad Exchanges Using Retargeted AdsSajjad "JJ" Arshad
 
How Tracking Companies Circumvent Ad Blockers Using WebSockets
How Tracking Companies Circumvent Ad Blockers Using WebSocketsHow Tracking Companies Circumvent Ad Blockers Using WebSockets
How Tracking Companies Circumvent Ad Blockers Using WebSocketsSajjad "JJ" Arshad
 
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...Understanding and Mitigating the Security Risks of Content Inclusion in Web B...
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...Sajjad "JJ" Arshad
 
Identifying Extension-based Ad Injection via Fine-grained Web Content Provenance
Identifying Extension-based Ad Injection via Fine-grained Web Content ProvenanceIdentifying Extension-based Ad Injection via Fine-grained Web Content Provenance
Identifying Extension-based Ad Injection via Fine-grained Web Content ProvenanceSajjad "JJ" Arshad
 
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...Sajjad "JJ" Arshad
 
A Longitudinal Analysis of the ads.txt Standard
A Longitudinal Analysis of the ads.txt StandardA Longitudinal Analysis of the ads.txt Standard
A Longitudinal Analysis of the ads.txt StandardSajjad "JJ" Arshad
 
How Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSocketsHow Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSocketsSajjad "JJ" Arshad
 
"Recommended For You": A First Look at Content Recommendation Networks
"Recommended For You": A First Look at Content Recommendation Networks"Recommended For You": A First Look at Content Recommendation Networks
"Recommended For You": A First Look at Content Recommendation NetworksSajjad "JJ" Arshad
 
Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
Include Me Out: In-Browser Detection of Malicious Third-Party Content InclusionsInclude Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
Include Me Out: In-Browser Detection of Malicious Third-Party Content InclusionsSajjad "JJ" Arshad
 
On the Effectiveness of Type-based Control Flow Integrity
On the Effectiveness of Type-based Control Flow IntegrityOn the Effectiveness of Type-based Control Flow Integrity
On the Effectiveness of Type-based Control Flow IntegritySajjad "JJ" Arshad
 

More from Sajjad "JJ" Arshad (16)

Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the Wild
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the Wild
 
Cached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the WildCached and Confused: Web Cache Deception in the Wild
Cached and Confused: Web Cache Deception in the Wild
 
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
HotFuzz: Discovering Algorithmic Denial-of-Service Vulnerabilities Through Gu...
 
Large-Scale Analysis of Style Injection by Relative Path Overwrite
Large-Scale Analysis of Style Injection by Relative Path OverwriteLarge-Scale Analysis of Style Injection by Relative Path Overwrite
Large-Scale Analysis of Style Injection by Relative Path Overwrite
 
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting RansomwareUNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
UNVEIL: A Large-Scale, Automated Approach to Detecting Ransomware
 
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads
Tracing Information Flows Between Ad Exchanges Using Retargeted AdsTracing Information Flows Between Ad Exchanges Using Retargeted Ads
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads
 
How Tracking Companies Circumvent Ad Blockers Using WebSockets
How Tracking Companies Circumvent Ad Blockers Using WebSocketsHow Tracking Companies Circumvent Ad Blockers Using WebSockets
How Tracking Companies Circumvent Ad Blockers Using WebSockets
 
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...Understanding and Mitigating the Security Risks of Content Inclusion in Web B...
Understanding and Mitigating the Security Risks of Content Inclusion in Web B...
 
Identifying Extension-based Ad Injection via Fine-grained Web Content Provenance
Identifying Extension-based Ad Injection via Fine-grained Web Content ProvenanceIdentifying Extension-based Ad Injection via Fine-grained Web Content Provenance
Identifying Extension-based Ad Injection via Fine-grained Web Content Provenance
 
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Librari...
 
A Longitudinal Analysis of the ads.txt Standard
A Longitudinal Analysis of the ads.txt StandardA Longitudinal Analysis of the ads.txt Standard
A Longitudinal Analysis of the ads.txt Standard
 
How Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSocketsHow Tracking Companies Circumvented Ad Blockers Using WebSockets
How Tracking Companies Circumvented Ad Blockers Using WebSockets
 
"Recommended For You": A First Look at Content Recommendation Networks
"Recommended For You": A First Look at Content Recommendation Networks"Recommended For You": A First Look at Content Recommendation Networks
"Recommended For You": A First Look at Content Recommendation Networks
 
Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
Include Me Out: In-Browser Detection of Malicious Third-Party Content InclusionsInclude Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
Include Me Out: In-Browser Detection of Malicious Third-Party Content Inclusions
 
On the Effectiveness of Type-based Control Flow Integrity
On the Effectiveness of Type-based Control Flow IntegrityOn the Effectiveness of Type-based Control Flow Integrity
On the Effectiveness of Type-based Control Flow Integrity
 

Recently uploaded

Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...RohitNehra6
 
Forensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdfForensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdfrohankumarsinghrore1
 
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...ssifa0344
 
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSpermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSarthak Sekhar Mondal
 
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCRStunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCRDelhi Call girls
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.Nitya salvi
 
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls AgencyHire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls AgencySheetal Arora
 
Pests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPirithiRaju
 
Labelling Requirements and Label Claims for Dietary Supplements and Recommend...
Labelling Requirements and Label Claims for Dietary Supplements and Recommend...Labelling Requirements and Label Claims for Dietary Supplements and Recommend...
Labelling Requirements and Label Claims for Dietary Supplements and Recommend...Lokesh Kothari
 
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...Sérgio Sacani
 
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisRaman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisDiwakar Mishra
 
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticsPulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticssakshisoni2385
 
VIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C PVIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C PPRINCE C P
 
Presentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxPresentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxgindu3009
 
Biological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfBiological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfmuntazimhurra
 
Formation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksFormation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksSérgio Sacani
 
Botany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfBotany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfSumit Kumar yadav
 
Physiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptxPhysiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptxAArockiyaNisha
 
Hubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroidsHubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroidsSérgio Sacani
 

Recently uploaded (20)

Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...Biopesticide (2).pptx .This slides helps to know the different types of biop...
Biopesticide (2).pptx .This slides helps to know the different types of biop...
 
CELL -Structural and Functional unit of life.pdf
CELL -Structural and Functional unit of life.pdfCELL -Structural and Functional unit of life.pdf
CELL -Structural and Functional unit of life.pdf
 
Forensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdfForensic Biology & Its biological significance.pdf
Forensic Biology & Its biological significance.pdf
 
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
TEST BANK For Radiologic Science for Technologists, 12th Edition by Stewart C...
 
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatidSpermiogenesis or Spermateleosis or metamorphosis of spermatid
Spermiogenesis or Spermateleosis or metamorphosis of spermatid
 
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCRStunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
Stunning ➥8448380779▻ Call Girls In Panchshil Enclave Delhi NCR
 
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
❤Jammu Kashmir Call Girls 8617697112 Personal Whatsapp Number 💦✅.
 
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls AgencyHire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
Hire 💕 9907093804 Hooghly Call Girls Service Call Girls Agency
 
Pests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdfPests of mustard_Identification_Management_Dr.UPR.pdf
Pests of mustard_Identification_Management_Dr.UPR.pdf
 
Labelling Requirements and Label Claims for Dietary Supplements and Recommend...
Labelling Requirements and Label Claims for Dietary Supplements and Recommend...Labelling Requirements and Label Claims for Dietary Supplements and Recommend...
Labelling Requirements and Label Claims for Dietary Supplements and Recommend...
 
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
PossibleEoarcheanRecordsoftheGeomagneticFieldPreservedintheIsuaSupracrustalBe...
 
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral AnalysisRaman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
Raman spectroscopy.pptx M Pharm, M Sc, Advanced Spectral Analysis
 
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceuticsPulmonary drug delivery system M.pharm -2nd sem P'ceutics
Pulmonary drug delivery system M.pharm -2nd sem P'ceutics
 
VIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C PVIRUSES structure and classification ppt by Dr.Prince C P
VIRUSES structure and classification ppt by Dr.Prince C P
 
Presentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptxPresentation Vikram Lander by Vedansh Gupta.pptx
Presentation Vikram Lander by Vedansh Gupta.pptx
 
Biological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdfBiological Classification BioHack (3).pdf
Biological Classification BioHack (3).pdf
 
Formation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disksFormation of low mass protostars and their circumstellar disks
Formation of low mass protostars and their circumstellar disks
 
Botany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdfBotany 4th semester series (krishna).pdf
Botany 4th semester series (krishna).pdf
 
Physiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptxPhysiochemical properties of nanomaterials and its nanotoxicity.pptx
Physiochemical properties of nanomaterials and its nanotoxicity.pptx
 
Hubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroidsHubble Asteroid Hunter III. Physical properties of newly found asteroids
Hubble Asteroid Hunter III. Physical properties of newly found asteroids
 

Practical Challenges of Type Checking in Control Flow Integrity

  • 1. Practical Challenges of Type Checking in Control Flow Integrity Reza Mirzazade Farkhani; Sajjad Arshad; Saman Jafari Northeastern University Reza Mirzazade Farkhani Northeastern University Email: reza@iseclab.org Contac t 1. Shacham, Hovav, et al. ”On the effectiveness of address-space randomization.” Proceedings of the 11th ACM conference on Computer and communications security. ACM, 2004. 2. Abadi, Martn, et al. “Control-flow integrity.” Proceedings of the 12th ACM conference on Computer and communications security. ACM, 2005. Reference s Type checking • In this research, we have studied the implications of creating a restrictive CFI with type matching and propose some solutions to improve the accuracy of the CFG. • Combining the result of points-to analysis and type checking can result in a more precise CFG. • By pruning the CFG with type matching, a more precise CFG would be available. This purging decreases the chance of a practical attack on CFI, but it faces numerous practical deployment challenges. Conclusions App Version FP Function Collision FP ICS Function nginx 1.10.1 84 1299 48 34 121 httpd 2.4.25 248 2800 64 101 483 lighttpd 1.4.45 27 899 10 47 40 exim 4.90 43 968 17 179 319 Results Chart 1. Type collision with glibc • Lack of memory management in unsafe programming languages such as C/C++ has been introducing significant threats to the applications. • It has been shown that defenses such as ASLR and DEP can be bypassed by motivated attackers[1]. • Control Flow Integrity (CFI) is introduced to enforce the application’s control flow to adhere to the statically generated Control Flow Graph (CFG).[2] • The effectiveness of CFI depends on the ability to construct an accurate CFG. • Type checking only allows control transfers if the types of the caller and the callee match [3][4]. Problem Statement • Type checking, indeed, faces numerous practical challenges for deployment in C and C++ such as type collision, type diversification and covariant return type. • There are some types such as void * that can be matched with any other type. • Resolving collisions requires global type diversification which complicates dynamic loading of libraries and separate compilation. Table 1. Type collision in popular applications Figure 2. CFG of the program based on type Figure 1. Sample vulnerable source code 3. van der Veen, Victor, et al. ”A tough call: Mitigating advanced code reuse attacks at the binary level.” Security and Privacy (SP), 2016 IEEE Symposium on. IEEE, 2016. 4. Tice, Caroline, et al. ”Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM.” USENIX Security Symposium. 2014.