
WSEAS Transactions on Information Science and Applications


Print ISSN: 1790-0832
E-ISSN: 2224-3402

Volume 14, 2017




Control Flow Confinement: An Empirical Prospect

AUTHORS: Yongsuk Lee, Gyungho Lee


ABSTRACT: Dictating that program control-flow transfers stay within a reference control-flow graph (CFG) can make a sound software protection. Control flow confinement (CFC) ensures that program execution follows a reference CFG obtained from execution traces profiled with various input data sets. CFC allows only the tested and expected control flows in program execution. This paper gauges the prospect of CFC in practice by investigating how many unique control flow transfer instances there are in the execution profiles of various applications, including popular server programs and embedded routines. The execution traces profiled with various input data sets show that the number of unique control flow transfer instances is surprisingly low, which suggests that confining the program control flow within the set of unique control flow transfers is feasible in practice. With CFC, software behavior would stay within the expected behavior space, avoiding unexpected misbehavior, which leads to a more dependable and secure environment for IoT (Internet of Things) and CPS (Cyber Physical System).
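The measurement and enforcement the abstract describes can be sketched in a few functions: collect the control-flow transfers seen across profiled runs, count how many are unique versus how many were executed, watch how few new transfers each additional input set contributes, and then confine a fresh run to the reference set. The following is an added example, not the paper's own code or data; the traces are constructed, the addresses are hypothetical, and the (source, target) pair representation of a transfer is an assumption made for illustration.

```python
"""Control flow confinement (CFC) sketch: build a reference set of control-flow
transfers from profiled traces, then confine a new execution to that set.
Added illustration; the traces below are constructed, not the paper's data."""
from collections import Counter

# Constructed profiling data: each trace is the list of (source, target)
# control-flow transfers one run performed, keyed by the input set that drove it.
# Addresses are hypothetical; 0x1000.. is "main", 0x2000/0x3000/0x4000 are callees.
PROFILE_TRACES = {
    # input_a: loop body executed twice, calling f (0x2000) and g (0x3000)
    "input_a": [
        (0x1000, 0x2000), (0x2010, 0x1004),   # call f, return from f
        (0x1008, 0x3000), (0x3020, 0x100C),   # call g, return from g
        (0x1010, 0x1000),                     # loop back-edge
        (0x1000, 0x2000), (0x2010, 0x1004),
        (0x1008, 0x3000), (0x3020, 0x100C),
    ],
    # input_b: a different branch calls h (0x4000) instead of g
    "input_b": [
        (0x1000, 0x2000), (0x2010, 0x1004),
        (0x1008, 0x4000), (0x4030, 0x100C),
    ],
    # input_c: exercises nothing new
    "input_c": [
        (0x1000, 0x2000), (0x2010, 0x1004),
        (0x1008, 0x3000), (0x3020, 0x100C),
    ],
}


def build_reference(traces):
    """Return (unique_edges, total_transfers): the reference set of unique
    control-flow transfer instances and the total number executed to find them."""
    counts = Counter()
    for trace in traces.values():
        counts.update(trace)
    return set(counts), sum(counts.values())


def coverage_growth(traces):
    """For each input set, in the order profiled, the number of transfers it
    contributes that no earlier input set had shown. A run of zeros means the
    profile has saturated, which is the empirical argument for CFC's feasibility."""
    seen = set()
    growth = []
    for name, trace in traces.items():
        new_edges = set(trace) - seen
        growth.append((name, len(new_edges)))
        seen |= set(trace)
    return growth


def confine(trace, reference):
    """Check a new execution against the reference CFG. Returns every
    (index, edge) whose transfer is outside the profiled set; under CFC the
    first such transfer would stop the program instead of being executed."""
    return [(i, edge) for i, edge in enumerate(trace) if edge not in reference]


if __name__ == "__main__":
    reference, total = build_reference(PROFILE_TRACES)
    print(f"{len(reference)} unique transfers out of {total} executed")
    print("new transfers per input set:", coverage_growth(PROFILE_TRACES))
    # A run whose return from f lands somewhere the profile never saw.
    suspicious = [(0x1000, 0x2000), (0x2010, 0x5550)]
    print("out-of-profile transfers:", confine(suspicious, reference))
```

The ratio of unique to executed transfers (7 of 17 here) is the quantity the paper measures on real programs; `coverage_growth` shows the same saturation effect over successive input sets, and `confine` is the enforcement side, flagging a return whose target was never observed during profiling.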

KEYWORDS: Cyber Physical Systems, Dependability, Internet of Things, Software Security


WSEAS Transactions on Information Science and Applications, ISSN / E-ISSN: 1790-0832 / 2224-3402, Volume 14, 2017, Art. #6, pp. 40-48


Copyright © 2017 Author(s) retain the copyright of this article. This article is published under the terms of the Creative Commons Attribution License 4.0
