New methods for the integrity of the data flow in operating systems and their applications

Date
2025-03-05
Publisher
Universidad de Deusto
Abstract
Thanks to the widespread deployment of information security techniques that protect applications and operating systems against control-flow hijacking attacks, malicious actors face increased difficulty in exploiting computer systems. This, however, has a downside: attackers are becoming more imaginative and try to find new and increasingly complex vulnerability exploitation techniques. One of these new techniques is based on exploiting the non-control data of a program with malicious intent, and the unfortunate news is that neither operating systems nor their applications currently deploy any known defences against this kind of attack. In this dissertation we propose an optimised compiler-based defence, built on the data-flow integrity property, that allows practitioners to compile applications with security mechanisms that defend against non-control-data attacks. This defence has been built on top of the GCC compiler, allowing widespread adoption and usage by any C application that can be compiled with GCC. Our implementation is set apart from previous works by the granularity and precision of its static analysis, providing broader security guarantees. Moreover, we provide two novel optimisations that, on the one hand, give full control to users so that they can define which types of non-control data they wish to protect in their applications and, on the other hand, reduce the number of basic blocks that the GCC compiler needs to protect by 45.8% on average, whilst maintaining the security guarantees.
Subjects
Mathematics
Computer science
Artificial intelligence
Mathematics
Computer science
Informatics