DOPdefender: An approach to thwarting data-oriented programming attacks based on a data-aware automaton. Issue 81 (March 2019)
- Record Type:
- Journal Article
- Title:
- DOPdefender: An approach to thwarting data-oriented programming attacks based on a data-aware automaton. Issue 81 (March 2019)
- Main Title:
- DOPdefender: An approach to thwarting data-oriented programming attacks based on a data-aware automaton
- Authors:
- Wang, Ye
Li, Qingbao
Zhang, Ping
Chen, Zhifeng
Zhang, Guimin - Abstract:
- Abstract: In recent years, non-control data attacks have become a popular topic in the field of network security. These attacks, such as data-oriented programming (DOP), do not aim to circumvent the control-flow integrity (CFI) protections; rather, they need corrupt only the security-critical non-control data of the target program. Non-control data attacks have been shown to achieve Turing-complete computation. In this paper, we build a non-control data attack description model and analyse feasible defence strategies. We present a new program behaviour model, i.e., the data-aware finite-state automaton (dFSA). Based on the dFSA, we propose the DOPdefender method, which is a method of defending against non-control data attacks. DOPdefender monitors the target process and is aware of the security-critical non-control data that are expected to be operated at runtime, thus validating the legality of the operation on the security-critical non-control data. DOPdefender can prevent adversaries from corrupting the security-critical non-control data of the target program and defend against existing non-control data attacks. We evaluate our method on a Linux operating system. An effectiveness test and a performance test indicate the effectiveness of DOPdefender in thwarting non-control data attacks with a 28.4% runtime overhead on average for CPU-intensive programs and a 13.5% runtime overhead on average for I/O-intensive programs. In the Limitations Section, we discuss a solution toAbstract: In recent years, non-control data attacks have become a popular topic in the field of network security. These attacks, such as data-oriented programming (DOP), do not aim to circumvent the control-flow integrity (CFI) protections; rather, they need corrupt only the security-critical non-control data of the target program. Non-control data attacks have been shown to achieve Turing-complete computation. In this paper, we build a non-control data attack description model and analyse feasible defence strategies. We present a new program behaviour model, i.e., the data-aware finite-state automaton (dFSA). Based on the dFSA, we propose the DOPdefender method, which is a method of defending against non-control data attacks. DOPdefender monitors the target process and is aware of the security-critical non-control data that are expected to be operated at runtime, thus validating the legality of the operation on the security-critical non-control data. DOPdefender can prevent adversaries from corrupting the security-critical non-control data of the target program and defend against existing non-control data attacks. We evaluate our method on a Linux operating system. An effectiveness test and a performance test indicate the effectiveness of DOPdefender in thwarting non-control data attacks with a 28.4% runtime overhead on average for CPU-intensive programs and a 13.5% runtime overhead on average for I/O-intensive programs. In the Limitations Section, we discuss a solution to making our method scalable for large-scale programs under some guiding information. … (more)
- Is Part Of:
- Computers & security. Issue 81(2019)
- Journal:
- Computers & security
- Issue:
- Issue 81(2019)
- Issue Display:
- Volume 81, Issue 81 (2019)
- Year:
- 2019
- Volume:
- 81
- Issue:
- 81
- Issue Sort Value:
- 2019-0081-0081-0000
- Page Start:
- 94
- Page End:
- 106
- Publication Date:
- 2019-03
- Subjects:
- Non-control data attacks -- DOP -- Security-critical non-control data -- dFSA -- DOPdefender
Computer security -- Periodicals
Electronic data processing departments -- Security measures -- Periodicals
005.805 - Journal URLs:
- http://www.sciencedirect.com/science/journal/01674048 ↗
http://www.elsevier.com/journals ↗ - DOI:
- 10.1016/j.cose.2018.11.002 ↗
- Languages:
- English
- ISSNs:
- 0167-4048
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - 3394.781000
British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 9397.xml