Visible to the public Biblio

Filters: Author is Xu, Xiaoyang  [Clear All Filters]
2018-06-07
Wang, Wenhao, Xu, Xiaoyang, Hamlen, Kevin W..  2017.  Object Flow Integrity. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. :1909–1924.
Object flow integrity (OFI) augments control-flow integrity (CFI) and software fault isolation (SFI) protections with secure, first-class support for binary object exchange across inter-module trust boundaries. This extends both source-aware and source-free CFI and SFI technologies to a large class of previously unsupported software: those containing immutable system modules with large, object-oriented APIs—which are particularly common in component-based, event-driven consumer software. It also helps to protect these inter-module object exchanges against confused deputy-assisted vtable corruption and counterfeit object-oriented programming attacks. A prototype implementation for Microsoft Component Object Model demonstrates that OFI is scalable to large interfaces on the order of tens of thousands of methods, and exhibits low overheads of under 1% for some common-case applications. Significant elements of the implementation are synthesized automatically through a principled design inspired by type-based contracts.