We present, Vip, an approach to boosting the precision of Virtual call Integrity Protection for large-scale real-world C++ programs (e.g., Chrome) by using pointer analysis for the first time. Vip introduces two new techniques: (1) a sound and scalable partial pointer analysis for discovering statically the sets of legitimate targets at virtual callsites from separately compiled C++ modules and (2) a lightweight instrumentation technique for performing (virtual call) integrity checks at runtime. Vip raises the bar against vtable hijacking attacks by providing stronger security guarantees than the CHA-based approach with comparable performance overhead. Vip is implemented in LLVM-3.8.0 and evaluated using SPEC programs and Chrome. Statically...
With reference to a single address space paradigm of memory addressing, we identify a set of mechani...
The CHERI architecture allows pointers to be implemented as capabilities (rather than integer virtua...
Lack of memory safety in C/C++ has resulted in numerous security vulnerabilities and serious bugs in...
© 2017 Association for Computing Machinery. We present, Vip, an approach to boosting the precision o...
Polymorphism and inheritance make C++ suitable for writing complex software, but significantly incre...
Abstract-Several defenses have increased the cost of traditional, low-level attacks that corrupt con...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
Web browsers are one of the most used, complex and popular software systems nowadays. They are prone...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
Memory corruption attacks have haunted computer systems for decades. Attackers abuse subtle bugs in ...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Systems code is often written in low-level languages like C/C++, which offer many benefits but also ...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
A side channel is an observable attribute of program execution other than explicit communication, e....
Compilers are at the foundation of software security. On the one hand, compilers are an ideal place ...
With reference to a single address space paradigm of memory addressing, we identify a set of mechani...
The CHERI architecture allows pointers to be implemented as capabilities (rather than integer virtua...
Lack of memory safety in C/C++ has resulted in numerous security vulnerabilities and serious bugs in...
© 2017 Association for Computing Machinery. We present, Vip, an approach to boosting the precision o...
Polymorphism and inheritance make C++ suitable for writing complex software, but significantly incre...
Abstract-Several defenses have increased the cost of traditional, low-level attacks that corrupt con...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
Web browsers are one of the most used, complex and popular software systems nowadays. They are prone...
VTable hijacking has lately been promoted to the de facto technique for exploiting C++ applications,...
Memory corruption attacks have haunted computer systems for decades. Attackers abuse subtle bugs in ...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Systems code is often written in low-level languages like C/C++, which offer many benefits but also ...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
A side channel is an observable attribute of program execution other than explicit communication, e....
Compilers are at the foundation of software security. On the one hand, compilers are an ideal place ...
With reference to a single address space paradigm of memory addressing, we identify a set of mechani...
The CHERI architecture allows pointers to be implemented as capabilities (rather than integer virtua...
Lack of memory safety in C/C++ has resulted in numerous security vulnerabilities and serious bugs in...