- Main
DCFI: Control Flow Integrity for Modern Windows Applications
- Hawkins, Byron
- Advisor(s): Demsky, Brian
Abstract
Control flow integrity or CFI has emerged as an important technique for
preventing attacks on software. Previous approaches relied on static
analysis and thus largely target static binaries and are limited in how
tightly they can constrain a program's runtime behavior. Unfortunately,
modern Windows applications make extensive use of dynamically generated
code. We introduce a new dynamic analysis based approach in DCFI to
control flow integrity that precisely learns a program's behavior by
monitoring previous executions. DCFI is the first approach to
demonstrate CFI in the presence of dynamic code generation and/or
self-modifying code and is immune to recent variations on ROP attacks
that thwart previous CFI approaches. DCFI underapproximates the legal
executions of software applications and thus can potentially build
tighter constraints than static approaches. As DCFI's knowledge of a
program becomes more complete, it tightens its constraints on a
program's execution, making successful attacks progressively more
difficult.
We have implemented DCFI in DynamoRIO. Our experiences using DCFI
indicate that it can protect modern desktop applications with dynamic
code generation engines including the latest versions of Microsoft Word,
Microsoft Excel, Microsoft PowerPoint, Microsoft Outlook, Google Chrome,
and Adobe Acrobat. Experiments also show that DCFI effectively detects
known exploits.
Main Content
Enter the password to open this PDF file:
-
-
-
-
-
-
-
-
-
-
-
-
-
-