A Tough Call - Mitigating Advanced Code-Reuse Attacks at the Binary Level

Explore advanced techniques for mitigating code-reuse attacks at the binary level in this 20-minute conference talk presented at the 2016 IEEE Symposium on Security & Privacy. Delve into the challenges of implementing Control-Flow Integrity (CFI) without source code and discover innovative binary-level analysis methods to reduce potential targets for indirect branches. Learn about the TypeArmor prototype, which reconstructs function prototypes and employs liveness analysis to create a more precise relationship between callsites and target callees. Examine experimental results demonstrating TypeArmor's efficiency and its effectiveness in mitigating advanced attacks like Counterfeit Object-oriented Programming (COOP). Gain insights into how strict binary-level CFI can enhance software security, even without access to source information or C++ semantics.