Visible to the public Object Flow Integrity

TitleObject Flow Integrity
Publication TypeConference Paper
Year of Publication2017
AuthorsWang, Wenhao, Xu, Xiaoyang, Hamlen, Kevin W.
Conference NameProceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security
PublisherACM
Conference LocationNew York, NY, USA
ISBN Number978-1-4503-4946-8
Keywordsbinary transformation, composability, control-flow integrity, Metrics, object oriented security, object-oriented programming, pubcrawl, resilience, Resiliency, security
AbstractObject flow integrity (OFI) augments control-flow integrity (CFI) and software fault isolation (SFI) protections with secure, first-class support for binary object exchange across inter-module trust boundaries. This extends both source-aware and source-free CFI and SFI technologies to a large class of previously unsupported software: those containing immutable system modules with large, object-oriented APIs--which are particularly common in component-based, event-driven consumer software. It also helps to protect these inter-module object exchanges against confused deputy-assisted vtable corruption and counterfeit object-oriented programming attacks. A prototype implementation for Microsoft Component Object Model demonstrates that OFI is scalable to large interfaces on the order of tens of thousands of methods, and exhibits low overheads of under 1% for some common-case applications. Significant elements of the implementation are synthesized automatically through a principled design inspired by type-based contracts.
URLhttp://doi.acm.org/10.1145/3133956.3133986
DOI10.1145/3133956.3133986
Citation Keywang_object_2017