vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries
Download: Paper (PDF)
Date: 7 Feb 2015
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2015
Control flow integrity is an important security property that needs to be enforced to prevent control-flow hijacking attacks. The existing CFI protections for COTS binaries are too permissive, and still vulnerable to sophisticated code reusing attacks. In this paper, we aim to provide more stringent protection for COTS C++ binaries, with respect to their virtual function calls. To achieve this goal, we need to reliably recover C++ semantics, including VTables and virtual callsites. With the extracted C++ semantics, we construct a sound CFI policy and further improve the policy precision by devising two filters. We implemented a prototype system called vfGuard, and evaluated its effectiveness with realworld large C++ binaries, such as web browsers. Our experiments demonstrated that we can construct sound and much more precise CFI policies to protect virtual function calls in realworld large C++ binaries.