Title | Object Flow Integrity |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Wang, Wenhao, Xu, Xiaoyang, Hamlen, Kevin W. |
Conference Name | Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security |
Publisher | ACM |
Conference Location | New York, NY, USA |
ISBN Number | 978-1-4503-4946-8 |
Keywords | binary transformation, composability, control-flow integrity, Metrics, object oriented security, object-oriented programming, pubcrawl, resilience, Resiliency, security |
Abstract | Object flow integrity (OFI) augments control-flow integrity (CFI) and software fault isolation (SFI) protections with secure, first-class support for binary object exchange across inter-module trust boundaries. This extends both source-aware and source-free CFI and SFI technologies to a large class of previously unsupported software: those containing immutable system modules with large, object-oriented APIs--which are particularly common in component-based, event-driven consumer software. It also helps to protect these inter-module object exchanges against confused deputy-assisted vtable corruption and counterfeit object-oriented programming attacks. A prototype implementation for Microsoft Component Object Model demonstrates that OFI is scalable to large interfaces on the order of tens of thousands of methods, and exhibits low overheads of under 1% for some common-case applications. Significant elements of the implementation are synthesized automatically through a principled design inspired by type-based contracts. |
URL | http://doi.acm.org/10.1145/3133956.3133986 |
DOI | 10.1145/3133956.3133986 |
Citation Key | wang_object_2017 |