CFCI: Strong Code Integrity for COTS Binaries
See our ACSAC 2015 paper for an overview of this approach. Note that this paper is an extension built on top of PSI (paper in VEE 2014).
Despite decades of sustained effort, memory
corruption attacks continue to be one of the most serious security threats faced
today. They are highly sought after by attackers, as they provide ultimate
control -- the ability to execute arbitrary low-level code. Attackers have shown
time and again their ability to overcome widely deployed countermeasures such as
Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) by
crafting Return-Oriented Programming (ROP) attacks. Although Turing-complete ROP
attacks have been demonstrated in research papers, real-world ROP payloads have
had a more limited objective: that of disabling DEP so that injected native code
attacks can be carried out. In this project, we have developed a systematic
defense, called Control Flow and Code Integrity (CFCI), that makes injected
native code attacks impossible. CFCI achieves this without sacrificing
compatibility with existing software, without requiring the replacement of system programs such as
the dynamic loader, and without a significant performance penalty.
CFCI is alpha software. It is provided for research and evaluation purposes only.
Available soon as a Virtual Box VM shipped under GPL: cfci-vbox-v1.0.tar.gz.
This work was supported in part by NSF grants CNS-1319137 and CNS-0831298,
AFOSR grant FA9550-09-1-0539, and ONR grant N000140710928.