Control-Flow Integrity and Attacker Models

From Ensiwiki
  • Supervisors:
   Laurent Mounier (Laurent.Mounier@imag.fr) VERIMAG-DCS
   Marie-Laure Potet (Marie-Laure.Potet@imag.fr) VERIMAG
  • Keywords: software security, control-flow integrity, protection mechanisms, attacker models
  • Description:

One of the classical attack scenarios against software is to change its expected behavior in order to make it execute arbitrary code (e.g., opening a shell on a remote machine, installing a virus, sending sensitive data across the network, etc.). This is particularly the case in programming languages like C and C++, where memory safety is not guaranteed by the language semantics, and where programming bugs may be exploited by a malicious user to arbitrarily modify the program's control flow.

CFI protections are hardware and/or software mechanisms that aim to avoid this situation by preventing a program from diverting from its intended control flow. Since the initial description of CFI enforcement [1], numerous solutions have been proposed [2]. In particular, CFI protections are now included in recent versions of C/C++ compilers like Clang [3,4]. However, in some more specific contexts, like embedded systems, the attacker may go even further by altering the initial code and data using fault injection techniques. Such scenarios may not be handled by classical CFI protections.
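To make the mechanism concrete, here is an added example (not code from the page or from the cited references) of a forward-edge CFI check written by hand in the style of the label/type-set schemes of [1] and the type-signature check Clang applies to indirect calls: every indirect call through a `handler_fn` pointer is first validated against the set of targets a compiler would derive for that call-site type. The function names, the `dispatcher` struct and the "corrupted" pointer are constructed for the demonstration.

```c
/* Hand-written forward-edge CFI check (added illustration, not a real compiler's CFI).
 * A compiler would compute the allowed-target set from the static type of the call site. */
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_fn)(int);

static int double_it(int x) { return 2 * x; }
static int negate(int x)    { return -x; }
/* Different signature: never a legitimate target of a handler_fn call site. */
static void unrelated(const char *s) { (void)s; }

/* Allowed targets for indirect calls of type handler_fn (constructed table). */
static const handler_fn valid_handlers[] = { double_it, negate };

/* Return 1 if fp is a permitted target for a handler_fn call site, 0 otherwise. */
static int cfi_check_handler(handler_fn fp) {
    for (size_t i = 0; i < sizeof valid_handlers / sizeof valid_handlers[0]; i++)
        if (valid_handlers[i] == fp) return 1;
    return 0;
}

/* Guarded indirect call: refuse to transfer control on a CFI violation.
 * *blocked is set to 1 when the call was refused, 0 when it went through. */
static int call_handler(handler_fn fp, int arg, int *blocked) {
    if (!cfi_check_handler(fp)) { *blocked = 1; return 0; }
    *blocked = 0;
    return fp(arg);
}

struct dispatcher { handler_fn fn; };

/* Normal path: the stored pointer is in the allowed set, so the call proceeds. */
static int run_benign(void) {
    struct dispatcher d = { negate };
    int blocked;
    return call_handler(d.fn, 21, &blocked);   /* returns -21 */
}

/* Bug-exploitation scenario from the text, simulated: a memory-corruption bug has
 * overwritten the pointer with an address outside the allowed set. Returns 1 if blocked. */
static int run_corrupted_blocked(void) {
    struct dispatcher d = { negate };
    d.fn = (handler_fn)unrelated;             /* constructed corruption, never called */
    int blocked;
    (void)call_handler(d.fn, 21, &blocked);
    return blocked;
}

int main(void) {
    printf("benign call result: %d\n", run_benign());
    printf("corrupted pointer blocked: %d\n", run_corrupted_blocked());
    return 0;
}
```

The guard itself is a single conditional branch: a fault that flips the outcome of `cfi_check_handler` lets the corrupted call through, which is exactly the gap between bug-exploitation and fault-injection attacker models that this internship sets out to study.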

The purpose of this internship is to study the most common CFI protection mechanisms and to evaluate their effectiveness against a given attacker model. A particular objective will be to analyze how classical protections (which target bug exploitation) behave under fault injection, and how they could be leveraged to better handle this attacker model.

Expected results:

  • a survey of the most common CFI protection techniques;
  • an analysis (through code examples) of the counter-measures provided by compilers against various attacker models;
  • a proposal to improve these techniques in the case of fault injection, to be experimented with and evaluated on a tool prototype.


Bibliography

[1] Control-Flow Integrity: Principles, Implementations, and Applications. Martín Abadi, Mihai Budiu, Úlfar Erlingsson, Jay Ligatti (CCS 2005)

[2] Control-Flow Integrity: Precision, Security, and Performance. Nathan Burow et al. (ACM Computing Surveys 2017)

[3] https://clang.llvm.org/docs/ControlFlowIntegrity.html

[4] https://blog.trailofbits.com/2016/10/17/lets-talk-about-cfi-clang-edition/