Explore a conference talk from USENIX Security '15 that examines the effectiveness of Control-Flow Integrity (CFI) as a defense against control-flow hijacking attacks. Delve into the research conducted by experts from the University of California, Berkeley, ETH Zürich, and Purdue University as they challenge common evaluation metrics and reveal limitations in fully-precise static CFI security. Learn about Control-Flow Bending (CFB), a generalization of non-control-data attacks, and its implications for achieving Turing-complete computation using standard library calls. Analyze the evaluation results of CFI on six real binaries and understand why CFI may not be a reliable defense against memory corruption vulnerabilities. Additionally, examine the role of shadow stacks in combination with CFI and their impact on enhancing security measures.
Control-Flow Bending - On the Effectiveness of Control-Flow Integrity
Overview
Syllabus
Intro
Background
Control-Flow Integrity
Shadow Stacks
Prior Work: Weak CFI is broken
Return to Libc: Challenges
Dispatcher Functions
Evaluation (part 1)
Evaluation (part 2)
Printf-Oriented Programming
Conclusion
Questions?
Taught by
USENIX
Related Courses
-
Towards a Policy-Agnostic Control-Flow Integrity Implementation
-
Enforcing Unique Code Target Property for Control-Flow Integrity
-
Securing the Hypervisor with Control-Flow Integrity
-
Lost Control - Breaking Hardware-Assisted Kernel Control-Flow Integrity with Page-Oriented Programming
-
Shining Light on Shadow Stacks
-
Hardware-Assisted Fine-Grained Control-Flow Integrity - Adding Lasers to Intel's CET/IBT
