Please use this identifier to cite or link to this item: https://hdl.handle.net/10356/151282
Title: Layered object-oriented programming : advanced VTable reuse attacks on binary-level defense
Authors: Wang, Chenyu
Chen, Bihuan
Liu, Yang
Wu, Hongjun
Keywords: Engineering::Computer science and engineering
Issue Date: 2018
Source: Wang, C., Chen, B., Liu, Y. & Wu, H. (2018). Layered object-oriented programming : advanced VTable reuse attacks on binary-level defense. IEEE Transactions On Information Forensics and Security, 14(3), 693-708. https://dx.doi.org/10.1109/TIFS.2018.2855648
Project: NRF2016NCR-NCR002-026
Journal: IEEE Transactions on Information Forensics and Security
Abstract: Vtable reuse attack, as a novel type of code reuse attacks, is introduced to bypass most binary-level control flow integrity enforcement and vtable integrity enforcement. So far, two binary-level defenses (TypeArmor and vfGuard) are proposed to defend against vtable reuse attacks. Both techniques use semantic information as the control flow integrity enforcement policy, i.e., TypeArmor and vfGuard utilize argument register count and dispatch offset at virtual callsite as the signature to check the validity of target functions, respectively. In this paper, we propose layered object-oriented programming (LOOP), an advanced vtable reuse attack, to show that the coarse-grained control flow integrity strategies are still vulnerable to vtable reuse attacks. In LOOP, we introduce argument expansion gadgets and transfer gadgets to, respectively, bypass TypeArmor and vfGuard. We generalize the characteristics of both gadgets and develop a tool to discover them at the binary level. We demonstrated that under the protection of TypeArmor and vfGuard, Firefox, Adobe Flash Player, and Internet Explorer are all vulnerable to LOOP attacks. Furthermore, we show the availability of argument expansion gadgets and transfer gadgets in common software or libraries.
URI: https://hdl.handle.net/10356/151282
ISSN: 1556-6013
DOI: 10.1109/TIFS.2018.2855648
Rights: © 2018 IEEE. All rights reserved.
Fulltext Permission: none
Fulltext Availability: No Fulltext
Appears in Collections: SPMS Journal Articles


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.