Value-based constraint control flow integrity값 기반의 제한된 제어 흐름 무결성
Control
ow integrity (CFI) is a generic technique that prevents a control
ow hijacking
attacks by verifying the legitimacy of indirect branches against a prede
ned set of targets. State-of-theart
CFI solutions focus on reducing the number of targets using the context of a program such as the path
to the indirect branch and the origin of the code pointer. However, these solutions work with an impractical
assumption that the attacker only compromises control data; non-control data such as condition data that can
also be abused by attackers are not considered. To overcome these limitations, in this paper, we propose
value-based constraint CFI (vCFI) to improve the effectiveness of CFI by retrieving and protecting all
data that can potentially be manipulated for control
ow hijacking. We
rst perform static analysis such
as dependency, condition, and data analyses to derive all control
ow-related data. Then, vCFI protects
these data during runtime by instrumenting a program to be hardened. We implemented vCFI as a compiler
extension and evaluated its performance using SPEC CPU2006. The performance degradation caused by
adopting vCFI was reasonable, and the average overhead was 13.6%.
- Description
- 한국과학기술원 :정보보호대학원,
- Publisher
- 한국과학기술원
- Issue Date
- 2020
- Identifier
- 325007
- Language
- eng
- Description
학위논문(박사) - 한국과학기술원 : 정보보호대학원, 2020.8,[vi, 63 p. :]
- Keywords
control flow hijacking▼acontrol flow integrity▼anon-control data▼aprogram analysis▼aindirect branch; 제어 흐름 탈취▼a제어 흐름 무결성▼a비 제어 데이터▼a프로그램 분석▼a간접 브랜치
- Appears in Collection
- IS-Theses_Ph.D.(박사논문)
- Files in This Item
- There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.