|Title:||Layered object-oriented programming : advanced VTable reuse attacks on binary-level defense|
|Authors:||Wang, Chenyu|
|Keywords:||Engineering::Computer science and engineering|
|Issue Date:||2018|
|Source:||Wang, C., Chen, B., Liu, Y. & Wu, H. (2018). Layered object-oriented programming : advanced VTable reuse attacks on binary-level defense. IEEE Transactions On Information Forensics and Security, 14(3), 693-708. https://dx.doi.org/10.1109/TIFS.2018.2855648|
|Project:||NRF2016NCR-NCR002-026|
|Journal:||IEEE Transactions on Information Forensics and Security|
|Abstract:||Vtable reuse attack, as a novel type of code reuse attacks, is introduced to bypass most binary-level control flow integrity enforcement and vtable integrity enforcement. So far, two binary-level defenses (TypeArmor and vfGuard) are proposed to defend against vtable reuse attacks. Both techniques use semantic information as the control flow integrity enforcement policy, i.e., TypeArmor and vfGuard utilize argument register count and dispatch offset at virtual callsite as the signature to check the validity of target functions, respectively. In this paper, we propose layered object-oriented programming (LOOP), an advanced vtable reuse attack, to show that the coarse-grained control flow integrity strategies are still vulnerable to vtable reuse attacks. In LOOP, we introduce argument expansion gadgets and transfer gadgets to, respectively, bypass TypeArmor and vfGuard. We generalize the characteristics of both gadgets and develop a tool to discover them at the binary level. We demonstrated that under the protection of TypeArmor and vfGuard, Firefox, Adobe Flash Player, and Internet Explorer are all vulnerable to LOOP attacks. Furthermore, we show the availability of argument expansion gadgets and transfer gadgets in common software or libraries.|
|URI:||https://hdl.handle.net/10356/151282|
|ISSN:||1556-6013|
|DOI:||10.1109/TIFS.2018.2855648|
|Rights:||© 2018 IEEE. All rights reserved.|
|Fulltext Permission:||none|
|Fulltext Availability:||No Fulltext|
|Appears in Collections:||SPMS Journal Articles|
Updated on Oct 27, 2021
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.