Code-Pointer Integrity
Volodymyr Kuznetsov, Dependable Systems Lab, EPFL
Friday, September 26, 2014 @ 11:00am, Room BC 420
Hosted by: Prof. George Candea
Coffee, tea and croissants will be available before the talk starting at 10:45 am.
Abstract
Systems code is often written in low-level languages like C/C++, which offer many benefits but also delegate memory management to programmers. This invites memory safety bugs that attackers can exploit to divert control flow and compromise the system. Deployed defense mechanisms (e.g., ASLR, DEP) are incomplete, and stronger defense mechanisms (e.g., CFI) often have high overhead and limited guarantees.
We introduce code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) and thereby prevents all control-flow hijack attacks, including return-oriented programming. We also introduce code-pointer separation (CPS), a relaxation of CPI with better performance properties. CPI and CPS offer substantially better security-to-overhead ratios than the state of the art. They are practical (we protect a complete FreeBSD system and over 100 packages, such as Apache and PostgreSQL), effective (they prevent all attacks in the RIPE benchmark), and efficient: on SPEC CPU2006, CPS averages 1.2% overhead for C and 1.9% for C/C++, while CPI’s overhead is 2.9% for C and 8.4% for C/C++.
A prototype implementation of CPI and CPS can be obtained from http://levee.epfl.ch.
(This is joint work with L. Szekeres, M. Payer, G. Candea, R. Sekar, and D. Song.)
Biography
Volodymyr Kuznetsov is a PhD student at EPFL advised by George Candea, working on systems, security, and program analysis & verification. He received his BS (’07) and MS (’09) in Applied Physics and Mathematics from the Moscow Institute of Physics and Technology.