Analysis of defenses against code reuse attacks on modern and new architectures

Evans, Isaac Noah

Author(s)

Evans, Isaac Noah

DownloadFull printable version (1.164Mb)

Other Contributors

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science.

Advisor

Hamed Okhravi and Howard Shrobe.

Terms of use

M.I.T. theses are protected by copyright. They may be viewed from this source for any purpose, but reproduction or distribution in any format is prohibited without written permission. See provided URL for inquiries about permission. http://dspace.mit.edu/handle/1721.1/7582

Metadata

Show full item record

Abstract

Today, the most common avenue for exploitation of computer systems is a control-flow attack in which the attacker gains direct or indirect control of the instruction pointer. In order to gain remote code execution, attackers then exploit legitimate fragments of code in the executable via techniques such as return-oriented-programming or virtual table overwrites. This project aims to answer fundamental questions about the efficacy of control-flow-integrity (CFI), a defensive technique which attempts to prevent such attacks by ensuring that every control flow transfer corresponds to the original intent of the program author. Although this problem is in general undecidable, most programs running on modern operating systems adhere to standard conventions which allow inferences from static analysis to set a specification for allowable runtime behavior. 1. By examining extremely large, complex real-world programs such as web browsers, this project will characterize the fundamental limits of CFI techniques. We find that it is possible for a program in which CFI is perfectly enforced to be exploited via a novel control flow attacks. 2. We examine the potential for hardware support for CFI and other techniques via generalized tagged architectures, and explore the tradeoff between the compatibility, performance, and security guarantees of hardware-assisted policies on tagged architectures.

Description

Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Computer Science, 2015.

This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections.

Cataloged from student-submitted PDF version of thesis.

Includes bibliographical references (pages 73-77).

Date issued

2015

URI

http://hdl.handle.net/1721.1/105984

Department

Massachusetts Institute of Technology. Department of Electrical Engineering and Computer Science

Publisher

Massachusetts Institute of Technology

Keywords

Electrical Engineering and Computer Science.

Collections

Graduate Theses