Wrangling in the Power of Code Pointers with ProxyCFI - Data and Applications Security and Privacy XXXIII
Conference Papers, Year: 2019


Misiker Tadesse Aga
Colton Holoday
Todd Austin


Despite being a more than 40-year-old dark art, control flow attacks remain a significant and attractive means of penetrating applications. Control Flow Integrity (CFI) prevents control flow attacks by forcing the execution path of a program to follow the control flow graph (CFG). This is performed by inserting checks before indirect jumps to ensure that the target is within a statically determined valid target set. However, recent advanced control flow attacks have been shown to undermine prior CFI techniques by swapping targets of an indirect jump with another one from the valid set.

In this article, we present a novel approach to protect against advanced control flow attacks called ProxyCFI. Instead of building protections to stop code pointer abuse, we replace code pointers wholesale in the program with a less powerful construct – pointer proxies. Pointer proxies are random identifiers associated with legitimate control flow edges. All indirect control transfers in the program are replaced with multi-way branches that validate control transfers with pointer proxies. As pointer proxies are uniquely associated with both the source and the target of control-flow edges, swapping pointer proxies results in a violation even if they have the same target, stopping advanced control flow attacks that undermine prior CFI techniques. In all, ProxyCFI stops a broad range of recently reported advanced control flow attacks on real-world applications with only a 4% average slowdown.
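The per-edge property described in the abstract can be modelled in a few lines of C. This is an added illustration, not code from the paper or its toolchain: the function names, the proxy values and the use of a `switch` as the multi-way branch are all assumptions made here.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed proxy values (the abstract says proxies are random identifiers).
 * One proxy per legitimate control-flow edge, i.e. per (call site, target). */
#define PX_A_LOG   0x5c1e93a7u  /* site A -> do_log   */
#define PX_A_AUDIT 0x0b7d42f1u  /* site A -> do_audit */
#define PX_B_LOG   0x9e3ac06du  /* site B -> do_log (same target, other source) */

typedef enum { CFI_OK = 0, CFI_VIOLATION = 1 } cfi_status;

/* Hypothetical indirect-call targets. */
static int do_log(int x)   { return x + 1; }
static int do_audit(int x) { return x * 2; }

/* Site A: instead of `fp(arg)`, a multi-way branch over site A's proxies. */
cfi_status call_site_a(uint32_t proxy, int arg, int *out) {
    switch (proxy) {
    case PX_A_LOG:   *out = do_log(arg);   return CFI_OK;
    case PX_A_AUDIT: *out = do_audit(arg); return CFI_OK;
    default:         return CFI_VIOLATION; /* unknown proxy: no transfer */
    }
}

/* Site B: do_log is a valid target here too, but only via site B's proxy. */
cfi_status call_site_b(uint32_t proxy, int arg, int *out) {
    switch (proxy) {
    case PX_B_LOG: *out = do_log(arg); return CFI_OK;
    default:       return CFI_VIOLATION;
    }
}

int main(void) {
    int r = 0;
    uint32_t slot_b = PX_B_LOG;      /* data holds a proxy, not a code address */
    cfi_status s = call_site_b(slot_b, 4, &r);
    printf("site B, own proxy:     status=%d result=%d\n", s, r);
    slot_b = PX_A_LOG;               /* proxy swapped in from site A */
    s = call_site_b(slot_b, 4, &r);
    printf("site B, swapped proxy: status=%d\n", s);
    return 0;
}
```

A target-set check would accept `do_log` at site B regardless of where the pointer came from; here the swapped value is rejected because it names the edge from site A.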
Main file: 480962_1_En_17_Chapter.pdf (1.15 MB)
Origin : Files produced by the author(s)

Dates and versions

hal-02384583 , version 1 (28-11-2019)





Misiker Tadesse Aga, Colton Holoday, Todd Austin. Wrangling in the Power of Code Pointers with ProxyCFI. 33rd IFIP Annual Conference on Data and Applications Security and Privacy (DBSec), Jul 2019, Charleston, SC, United States. pp.317-337, ⟨10.1007/978-3-030-22479-0_17⟩. ⟨hal-02384583⟩