Name
Abstract | ||
|---|---|---|
Code-reuse attacks have become the primary exploitation technique for system compromise despite of the recently introduced Data Execution Prevention technique in modern platforms. Different from code injection attacks, they result in unintended control-flow transfer to victim programs without adding malicious code. This paper proposes a practical scheme named as CFIGuard to detect code-reuse attacks on user space applications. CFIGuard traces every branch execution by leveraging hardware features of commodity processors, and then validates the traces based on fine-grained control flow graphs. We have implemented a prototype of CFIGuard on Linux and the experiments show that it only incurs around 2.9﾿% runtime overhead for a set of typical server applications. |
Year | DOI | Venue |
|---|---|---|
2015 | 10.1007/978-3-319-26362-5_4 | RAID |
Field | DocType | Citations |
Graph,Computer science,Computer security,Control flow,Control-flow integrity,Data Execution Prevention,Code reuse,Computer hardware,User space,Code injection attacks,Operating system | Conference | 9 |
PageRank | References | Authors |
0.51 | 29 | 3 |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Pinghai Yuan | 1 | 9 | 1.86 |
| Qingkai Zeng | 2 | 20 | 6.24 |
| Xuhua Ding | 3 | 913 | 58.08 |