Optimized data-flow integrity for modern compilers
Cargando...
Fecha
2024
Título de la revista
ISSN de la revista
Título del volumen
Editor
Institute of Electrical and Electronics Engineers Inc.
Resumen
Non-control-data attacks are those attacks that purely target and modify the non-control data of a program, such as boolean values, user input or configuration parameters, and leave the control flow of a program untouched. These attacks were considered a niche due to the high difficulty in crafting attacks that do not modify the control flow. However, in recent years researchers have already demonstrated that non-control-data attacks can be automatically constructed and that they pose a significant threat because they can compromise critical and widely used software, such as web browsers and the Linux kernel. Moreover, they can also be used to disable or bypass state-of-the-art software security techniques, such as control-flow integrity. The most promising technique to protect against non-control-data attacks is data-flow integrity, however, modern compilers do not implement this protection yet. In this work we present an optimized data-flow integrity implementation for modern compilers that reduces the amount of basic blocks that need to be protected in an average of 45.8%, it also has broader security guarantees due to its more precise static analysis. Finally, we evaluate the completeness of our optimized data-flow integrity implementation.
Palabras clave
Compilers
Data-flow integrity
Non-control-data attacks
Program analysis
Security vulnerabilities
Systems security
Data-flow integrity
Non-control-data attacks
Program analysis
Security vulnerabilities
Systems security
Descripción
Materias
Cita
Díez-Franco, I., Ugarte-Pedrero, X., & García-Bringas, P. (2024). Optimized Data-Flow Integrity for Modern Compilers. IEEE Access, 12, 124171-124182. https://doi.org/10.1109/ACCESS.2024.3454551