The Experts below are selected from a list of 65814 Experts worldwide ranked by ideXlab platform
Dawn Song - One of the best experts on this subject based on the ideXlab platform.
-
VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:—In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow hijacking attacks ineffective. Attack-ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is Virtual table pointers (vfptr), which point to Virtual Function tables (vtable) consisting of Virtual Function pointers. Attackers can exploit vul-nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further Virtual Function calls to be hijacked (vtable hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable hijacking attacks. It uses binary rewriting to instrument security checks before Virtual Function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable hijacking attacks.
-
NDSS - VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow hijacking attacks ineffective. Attack- ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is Virtual table pointers (vfptr), which point to Virtual Function tables (vtable) consisting of Virtual Function pointers. Attackers can exploit vul- nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further Virtual Function calls to be hijacked (vtable hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable hijacking attacks. It uses binary rewriting to instrument security checks before Virtual Function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable hijacking attacks.
Chao Zhang - One of the best experts on this subject based on the ideXlab platform.
-
VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:—In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow hijacking attacks ineffective. Attack-ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is Virtual table pointers (vfptr), which point to Virtual Function tables (vtable) consisting of Virtual Function pointers. Attackers can exploit vul-nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further Virtual Function calls to be hijacked (vtable hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable hijacking attacks. It uses binary rewriting to instrument security checks before Virtual Function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable hijacking attacks.
-
NDSS - VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow hijacking attacks ineffective. Attack- ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is Virtual table pointers (vfptr), which point to Virtual Function tables (vtable) consisting of Virtual Function pointers. Attackers can exploit vul- nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further Virtual Function calls to be hijacked (vtable hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable hijacking attacks. It uses binary rewriting to instrument security checks before Virtual Function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable hijacking attacks.
Urs Hölzle - One of the best experts on this subject based on the ideXlab platform.
-
ECOOP - Eliminating Virtual Function Calls in C++ Programs
Lecture Notes in Computer Science, 1996Co-Authors: Gerald Aigner, Urs HölzleAbstract:We have designed and implemented an optimizing source-to-source C++ compiler that reduces the frequency of Virtual Function calls. This technical report describes our preliminary experience with this system. The prototype implementation demonstrates the value of OO-specific optimization of C++. Despite some limitations of our system, and despite the low frequency of Virtual Function calls in some of the programs, optimization improves the performance of a suite of two small and six large C++ applications totalling over 90,000 lines of code by a median of 20% over the original programs and reduces the number of Virtual Function calls by a median factor of 5. For more call-intensive versions of the same programs, performance improved by a median of 40% and the number of Virtual calls dropped by a factor of 21. Our measurements indicate that inlining does not necessarily lead to large increases in code size, and that for most programs, the instruction cache miss ratio does not increase significantly.
-
OOPSLA - The direct cost of Virtual Function calls in C
Proceedings of the 11th ACM SIGPLAN conference on Object-oriented programming systems languages and applications - OOPSLA '96, 1996Co-Authors: Karel Driesen, Urs HölzleAbstract:We study the direct cost of Virtual Function calls in C++ programs, assuming the standard implementation using Virtual Function tables. We measure this overhead experimentally for a number of large benchmark programs, using a combination of executable inspection and processor simulation. Our results show that the C++ programs measured spend a median of 5.2% of their time and 3.7% of their instructions in dispatch code. For "all Virtuals" versions of the programs, the median overhead rises to 13.7% (13% of the instructions). The "thunk" variant of the Virtual Function table implementation reduces the overhead by a median of 21% relative to the standard implementation. On future processors, these overheads are likely to increase moderately.
-
OOPSLA - Minimizing row displacement dispatch tables
Proceedings of the tenth annual conference on Object-oriented programming systems languages and applications - OOPSLA '95, 1995Co-Authors: Karel Driesen, Urs HölzleAbstract:Row displacement dispatch tables implement message dispatching for dynamically-typed languages with a run time overhead of one memory indirection plus an equality test. The technique is similar to Virtual Function table lookup, which is, however, restricted to statically typed languages like C++. We show how to reduce the space requirements of dispatch tables to approximately the same size as Virtual Function tables. The scheme is then generalized for multiple inheritance. Experiments on a number of class libraries from five different languages demonstrate that the technique is effective for a broad range of programs. Finally, we discuss optimizations of the row displacement algorithm that allow dispatch table construction of these large samples to take place in a few seconds.
Chengyu Song - One of the best experts on this subject based on the ideXlab platform.
-
IEEE Symposium on Security and Privacy - HDFI: Hardware-Assisted Data-Flow Isolation
2016 IEEE Symposium on Security and Privacy (SP), 2016Co-Authors: Chengyu Song, Hyungon Moon, Monjur Alam, Insu Yun, Byoungyoung Lee, Taesoo Kim, Wenke Lee, Yunheung PaekAbstract:Memory corruption vulnerabilities are the root cause of many modern attacks. Existing defense mechanisms are inadequate; in general, the software-based approaches are not efficient and the hardware-based approaches are not flexible. In this paper, we present hardware-assisted data-flow isolation, or, HDFI, a new fine-grained data isolation mechanism that is broadly applicable and very efficient. HDFI enforces isolation at the machine word granularity by Virtually extending each memory unit with an additional tag that is defined by dataflow. This capability allows HDFI to enforce a variety of security models such as the Biba Integrity Model and the Bell -- LaPadula Model. We implemented HDFI by extending the RISC-V instruction set architecture (ISA) and instantiating it on the Xilinx Zynq ZC706 evaluation board. We ran several benchmarks including the SPEC CINT 2000 benchmark suite. Evaluation results show that the performance overhead caused by our modification to the hardware is low (< 2%). We also developed or ported several security mechanisms to leverage HDFI, including stack protection, standard library enhancement, Virtual Function table protection, code pointer protection, kernel data protection, and information leak prevention. Our results show that HDFI is easy to use, imposes low performance overhead, and allows us to create more elegant and more secure solutions.
-
VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:—In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow hijacking attacks ineffective. Attack-ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is Virtual table pointers (vfptr), which point to Virtual Function tables (vtable) consisting of Virtual Function pointers. Attackers can exploit vul-nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further Virtual Function calls to be hijacked (vtable hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable hijacking attacks. It uses binary rewriting to instrument security checks before Virtual Function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable hijacking attacks.
-
NDSS - VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow hijacking attacks ineffective. Attack- ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is Virtual table pointers (vfptr), which point to Virtual Function tables (vtable) consisting of Virtual Function pointers. Attackers can exploit vul- nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further Virtual Function calls to be hijacked (vtable hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable hijacking attacks. It uses binary rewriting to instrument security checks before Virtual Function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable hijacking attacks.
Zhaofeng Chen - One of the best experts on this subject based on the ideXlab platform.
-
VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:—In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow hijacking attacks ineffective. Attack-ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is Virtual table pointers (vfptr), which point to Virtual Function tables (vtable) consisting of Virtual Function pointers. Attackers can exploit vul-nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further Virtual Function calls to be hijacked (vtable hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable hijacking attacks. It uses binary rewriting to instrument security checks before Virtual Function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable hijacking attacks.
-
NDSS - VTint: Protecting Virtual Function Tables' Integrity
Proceedings 2015 Network and Distributed System Security Symposium, 2015Co-Authors: Chao Zhang, Kevin Zhijie Chen, Chengyu Song, Zhaofeng Chen, Dawn SongAbstract:In the recent past, a number of approaches have been proposed to protect certain types of control data in a program, such as return addresses saved on the stack, rendering most traditional control flow hijacking attacks ineffective. Attack- ers, however, can bypass these defenses by launching advanced attacks that corrupt other data, e.g., pointers indirectly used to access code. One of the most popular targets is Virtual table pointers (vfptr), which point to Virtual Function tables (vtable) consisting of Virtual Function pointers. Attackers can exploit vul- nerabilities, such as use-after-free and heap overflow, to overwrite the vtable or vfptr, causing further Virtual Function calls to be hijacked (vtable hijacking). In this paper we propose a lightweight defense solution VTint to protect binary executables against vtable hijacking attacks. It uses binary rewriting to instrument security checks before Virtual Function dispatches to validate vtables' integrity. Experiments show that it only introduces a low performance overhead (less than 2%), and it can effectively protect real-world vtable hijacking attacks.
