Lost Control Breaking Hardware Assisted Kernel Control Flow Integrity with Page Oriented Programming
Control-Flow Integrity (CFI) has been spreading widely from applications to the kernel to prevent Code Reuse Attacks (CRAs) such as ret2libc and Return-Oriented Programming (ROP). The CFI mechanism is based on the Control-Flow Graph (CFG) created by static analysis. It prevents unintended execution flows that deviate from that graph and so reduces the control-flow hijacking that CRAs depend on. For this reason, Microsoft Windows and Linux-based operating systems have adopted it. Recently, hardware-based CFI technologies consisting of Indirect Branch Tracking (IBT) and a shadow stack emerged to support it. They developed software-based CFIs into hardware-assisted CFIs, which have stronger enforcement. Hypervisor-based integrity protection mechanisms have also hardened the CFI policies. These security mechanisms make traditional attack techniques challenging, including control flow hijacking and code

By: Seunghun Han

Full Abstract and Presentation Materials: