eScholarship
Open Access Publications from the University of California

UC Irvine

UC Irvine Electronic Theses and Dissertations

DCFI: Control Flow Integrity for Modern Windows Applications

Creative Commons 'BY' version 4.0 license
Abstract

Control flow integrity (CFI) has emerged as an important technique for preventing attacks on software. Previous approaches relied on static analysis and thus largely target static binaries and are limited in how tightly they can constrain a program's runtime behavior. Unfortunately, modern Windows applications make extensive use of dynamically generated code. We introduce DCFI, a new dynamic-analysis-based approach to control flow integrity that precisely learns a program's behavior by monitoring previous executions. DCFI is the first approach to demonstrate CFI in the presence of dynamic code generation and/or self-modifying code and is immune to recent variations on ROP attacks that thwart previous CFI approaches. DCFI underapproximates the legal executions of software applications and thus can potentially build tighter constraints than static approaches. As DCFI's knowledge of a program becomes more complete, it tightens its constraints on a program's execution, making successful attacks progressively more difficult.

We have implemented DCFI in DynamoRIO. Our experiences using DCFI indicate that it can protect modern desktop applications with dynamic code generation engines including the latest versions of Microsoft Word, Microsoft Excel, Microsoft PowerPoint, Microsoft Outlook, Google Chrome, and Adobe Acrobat. Experiments also show that DCFI effectively detects known exploits.
