Author(s): Aravind Prakash, Xunchao Hu, Heng Yin

Download: Paper (PDF)

Date: 7 Feb 2015

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2015


Control-flow integrity (CFI) is an important security property that must be enforced to prevent control-flow hijacking attacks. The existing CFI protections for COTS binaries are too permissive and remain vulnerable to sophisticated code-reuse attacks. In this paper, we aim to provide more stringent protection for COTS C++ binaries with respect to their virtual function calls. To achieve this goal, we need to reliably recover C++ semantics from the binary, including VTables and virtual callsites. With the extracted C++ semantics, we construct a sound CFI policy and further improve its precision by devising two filters. We implemented a prototype system called vfGuard and evaluated its effectiveness on real-world large C++ binaries such as web browsers. Our experiments demonstrate that we can construct sound and much more precise CFI policies to protect virtual function calls in real-world large C++ binaries.
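The following is an added example, not code from the paper or from vfGuard, that models in plain C what the abstract describes: objects that dispatch through a VTable, an attacker who corrupts the vptr, and a callsite check that only admits targets drawn from the VTables recovered from the binary. The set of "recovered" VTables, the names, and the slot-precise policy (the target must be the entry at the same slot in some recovered VTable) are assumptions made for the illustration; the paper's own policy and filters are not reproduced here. The third scenario shows why precision matters: a vptr shifted inside a genuine VTable still reaches only real virtual functions, so a coarse "any virtual function" policy accepts it while the slot-precise policy rejects it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal model of C++ object layout: the first word of an object is a
 * pointer (vptr) to a table of virtual-function pointers (a VTable).
 * Constructed illustration; not vfGuard's own code. */
typedef struct Object Object;
typedef void (*vfn_t)(Object *);
struct Object { const vfn_t *vptr; int state; };

static void base_speak(Object *o)      { o->state = 1; }
static void base_close(Object *o)      { o->state = 2; }
static void derived_speak(Object *o)   { o->state = 3; }
static void derived_close(Object *o)   { o->state = 4; }
/* Stand-in for a gadget an attacker wants a hijacked call to reach. */
static void attacker_gadget(Object *o) { o->state = 99; }

enum { SLOT_SPEAK = 0, SLOT_CLOSE = 1, NSLOTS = 2 };
static const vfn_t base_vtable[NSLOTS]    = { base_speak, base_close };
static const vfn_t derived_vtable[NSLOTS] = { derived_speak, derived_close };

/* Assumed output of the VTable-recovery step: every VTable found in the binary. */
static const vfn_t *const recovered_vtables[] = { base_vtable, derived_vtable };
enum { NVTABLES = 2 };

/* Coarse policy: the target is some entry of some recovered VTable. */
static bool coarse_allows(vfn_t target) {
    for (size_t i = 0; i < NVTABLES; i++)
        for (size_t s = 0; s < NSLOTS; s++)
            if (recovered_vtables[i][s] == target) return true;
    return false;
}

/* Slot-precise policy (assumption for this example): the target must be the
 * entry at the SAME slot the callsite dereferences, in some recovered VTable. */
static bool precise_allows(size_t slot, vfn_t target) {
    if (slot >= NSLOTS) return false;
    for (size_t i = 0; i < NVTABLES; i++)
        if (recovered_vtables[i][slot] == target) return true;
    return false;
}

/* An instrumented virtual callsite, obj->vptr[slot](obj), guarded by the
 * slot-precise policy. Returns the object's state after the call, or -1 if
 * the policy blocked the call. */
static int guarded_vcall(Object *obj, size_t slot) {
    vfn_t target = obj->vptr[slot];
    if (!precise_allows(slot, target)) return -1;
    target(obj);
    return obj->state;
}

/* Scenario 1: normal dispatch on a Derived object. */
int legit_dispatch(void) {
    Object o = { derived_vtable, 0 };
    return guarded_vcall(&o, SLOT_SPEAK);      /* derived_speak runs: 3 */
}

/* Scenario 2: the vptr is overwritten (e.g. by a heap overflow or a
 * use-after-free) to point at an attacker-controlled fake VTable. */
static const vfn_t fake_vtable[NSLOTS] = { attacker_gadget, attacker_gadget };

int fake_vtable_unguarded(void) {
    Object o = { derived_vtable, 0 };
    o.vptr = fake_vtable;                      /* the corruption */
    o.vptr[SLOT_SPEAK](&o);                    /* unchecked dispatch */
    return o.state;                            /* gadget ran: 99 */
}
int fake_vtable_guarded(void) {
    Object o = { derived_vtable, 0 };
    o.vptr = fake_vtable;
    return guarded_vcall(&o, SLOT_SPEAK);      /* blocked: -1 */
}

/* Scenario 3: the vptr is shifted by one slot inside a genuine VTable, so
 * the SLOT_SPEAK callsite resolves to base_close. Every reachable target is
 * still a real virtual function, so the coarse policy accepts it. */
bool shifted_vptr_coarse_allows(void) {
    Object o = { base_vtable + 1, 0 };
    return coarse_allows(o.vptr[SLOT_SPEAK]);  /* true: base_close is a real vfn */
}
int shifted_vptr_guarded(void) {
    Object o = { base_vtable + 1, 0 };
    return guarded_vcall(&o, SLOT_SPEAK);      /* blocked: base_close is never at slot 0 */
}

int main(void) {
    printf("legit dispatch state: %d\n", legit_dispatch());
    printf("fake VTable, unguarded state: %d\n", fake_vtable_unguarded());
    printf("fake VTable, guarded result: %d\n", fake_vtable_guarded());
    printf("shifted vptr, coarse policy allows: %d\n", shifted_vptr_coarse_allows());
    printf("shifted vptr, precise policy result: %d\n", shifted_vptr_guarded());
    return 0;
}
```

The check costs one table scan per callsite in this toy; a real enforcement layer would precompute, per callsite slot, the set of admissible targets from the recovered VTables and consult that directly. The important property is that the allowed set is derived from the binary's own VTables rather than from "any code address" or "any function entry", which is what makes the policy both sound for legitimate dispatch and tight against forged or shifted VTables.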