Visible to the public Biblio

Filters: Keyword is data execution prevention  [Clear All Filters]
2020-02-24
Maunero, Nicoló, Prinetto, Paolo, Roascio, Gianluca.  2019.  CFI: Control Flow Integrity or Control Flow Interruption? 2019 IEEE East-West Design Test Symposium (EWDTS). :1–6.

Runtime memory vulnerabilities, especially present in widely used languages as C and C++, are exploited by attackers to corrupt code pointers and hijack the execution flow of a program running on a target system to force it to behave abnormally. This is the principle of modern Code Reuse Attacks (CRAs) and of famous attack paradigms as Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP), which have defeated the previous defenses against malicious code injection such as Data Execution Prevention (DEP). Control-Flow Integrity (CFI) is a promising approach to protect against such runtime attacks. Recently, many CFI solutions have been proposed, with both hardware and software implementations. But how can a defense based on complying with a graph calculated a priori efficiently deal with something unpredictable as exceptions and interrupt requests? The present paper focuses on this dichotomy by analysing some of the CFI-based defenses and showing how the unexpected trigger of an interrupt and the sudden execution of an Interrupt Service Routine (ISR) can circumvent them.

2015-04-30
Youngjung Ahn, Yongsuk Lee, Jin-Young Choi, Gyungho Lee, Dongkyun Ahn.  2014.  Monitoring Translation Lookahead Buffers to Detect Code Injection Attacks. Computer. 47:66-72.

By identifying memory pages that external I/O operations have modified, a proposed scheme blocks malicious injected code activation, accurately distinguishing an attack from legitimate code injection with negligible performance impact and no changes to the user application.