© 2017 Association for Computing Machinery. We present, Vip, an approach to boosting the precision of Virtual call Integrity Protection for large-scale real-world C++ programs (e.g., Chrome) by using pointer analysis for the first time. Vip introduces two new techniques: (1) a sound and scalable partial pointer analysis for discovering statically the sets of legitimate targets at virtual callsites from separately compiled C++ modules and (2) a lightweight instrumentation technique for performing (virtual call) integrity checks at runtime. Vip raises the bar against vtable hijacking attacks by providing stronger security guarantees than the CHA-based approach with comparable performance overhead. Vip is implemented in LLVM-3.8.0 and evaluate...
Memory corruption vulnerabilities, such as stack-based buffer overflows, continue to be a major thre...
Lack of memory safety in C/C++ has resulted in numerous security vulnerabilities and serious bugs in...
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exp...
We present, Vip, an approach to boosting the precision of Virtual call Integrity Protection for larg...
Polymorphism and inheritance make C++ suitable for writing complex software, but significantly incre...
Abstract—Several defenses have increased the cost of tradi-tional, low-level attacks that corrupt co...
Web browsers are one of the most used, complex and popular software systems nowadays. They are prone...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Memory corruption attacks have haunted computer systems for decades. Attackers abuse subtle bugs in ...
Systems code is often written in low-level languages like C/C++, which offer many benefits but also ...
Compilers are at the foundation of software security. On the one hand, compilers are an ideal place ...
Evaluation data of the published paper: "VPS: Excavating High-Level C++ Constructs from Low-Level Bi...
Memory corruption vulnerabilities, such as stack-based buffer overflows, continue to be a major thre...
Lack of memory safety in C/C++ has resulted in numerous security vulnerabilities and serious bugs in...
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exp...
We present, Vip, an approach to boosting the precision of Virtual call Integrity Protection for larg...
Polymorphism and inheritance make C++ suitable for writing complex software, but significantly incre...
Abstract—Several defenses have increased the cost of tradi-tional, low-level attacks that corrupt co...
Web browsers are one of the most used, complex and popular software systems nowadays. They are prone...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Memory corruption attacks have haunted computer systems for decades. Attackers abuse subtle bugs in ...
Systems code is often written in low-level languages like C/C++, which offer many benefits but also ...
Compilers are at the foundation of software security. On the one hand, compilers are an ideal place ...
Evaluation data of the published paper: "VPS: Excavating High-Level C++ Constructs from Low-Level Bi...
Memory corruption vulnerabilities, such as stack-based buffer overflows, continue to be a major thre...
Lack of memory safety in C/C++ has resulted in numerous security vulnerabilities and serious bugs in...
Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exp...