I Control Your Code - Attack Vectors Through the Eyes of Software-based Fault Isolation

Mathias Payer, I Control Your Code - Attack Vectors Through the Eyes of Software-based Fault Isolation, Proceedings of the 27c3 (27c3'10), December 2010.
[27C3_2010.pdf]

Exploits are an interesting way to extend the functionality of programs. This paper presents and explains different attack vectors, namely stack-based and heap-based code injection, arc attacks on the heap as well as on the stack, format string attacks, arithmetic overflows, data attacks, and mixed ISA attacks. These attacks can be used (often in combination with other attacks) to execute arbitrary code.

From a security perspective we want to analyze how the exploit is able to hijack and redirect the control flow and what kind of malicious system calls are executed. This paper presents an approach to software-based fault isolation (SFI) that verifies every single instruction that is executed. Guards guarantee that the threat of attacks that alter the control flow, e.g., code injection, and arc attacks is removed. An additional system call authorization framework checks system calls and arguments and verifies that they conform to a strict user-defined policy. The combination of SFI and policy-based system call authorization enables an additional layer of protection for applications that runs completely in user-space.