Journal of Internet Computing and Services
ISSN 2287-1136 (Online) / ISSN 1598-0170 (Print)
http://jics.or.kr/

CFI Approach to Defend against GOT Overwrite Attacks


Seunghoon Jeong, Jaejoon Hwang, Hyukjin Kwon, Dongkyoo Shin, Journal of Internet Computing and Services, Vol. 21, No. 1, pp. 179-190, Feb. 2020
DOI: 10.7472/jksii.2020.21.1.179
Keywords: Control Flow Integrity, GOT/PLT, linking and loading, Security

Abstract

In Unix-like system environments, the GOT overwrite attack is one of the traditional control flow hijacking techniques for exploiting software privileges. Several techniques have been proposed to defend against it; among them, Full RELRO (Relocation Read-Only), which blocks GOT overwrites at runtime by making the GOT section read-only at program startup, is known as the most effective. However, it entails a loading delay, which limits its application to programs sensitive to startup performance, and it is not currently applied to libraries because of problems including chained loading delays caused by nested library dependencies. Also, many compilers, including LLVM, do not apply Full RELRO by default, so programs remain vulnerable to GOT attacks at runtime. In this paper, we propose a GOT protection scheme using Control Flow Integrity (CFI), which is currently recognized as the most suitable technique for defending against code reuse attacks. We implemented this scheme on LLVM and applied it to the binutils-gdb program group to evaluate security, performance and compatibility. The GOT protection scheme with CFI is difficult to bypass, fast, and compatible with existing library programs.



Cite this article
[APA Style]
Seunghoon Jeong, Jaejoon Hwang, Hyukjin Kwon, & Dongkyoo Shin (2020). CFI Approach to Defend against GOT Overwrite Attacks. Journal of Internet Computing and Services, 21(1), 179-190. DOI: 10.7472/jksii.2020.21.1.179.

[IEEE Style]
S. Jeong, J. Hwang, H. Kwon and D. Shin, "CFI Approach to Defend against GOT Overwrite Attacks," Journal of Internet Computing and Services, vol. 21, no. 1, pp. 179-190, 2020. DOI: 10.7472/jksii.2020.21.1.179.

[ACM Style]
Seunghoon Jeong, Jaejoon Hwang, Hyukjin Kwon, and Dongkyoo Shin. 2020. CFI Approach to Defend against GOT Overwrite Attacks. Journal of Internet Computing and Services, 21, 1, (2020), 179-190. DOI: 10.7472/jksii.2020.21.1.179.