Abstract
Object flow integrity (OFI) augments control-flow integrity (CFI) and software fault isolation (SFI) protections with secure, first-class support for binary object exchange across inter-module trust boundaries. This extends both source-aware and source-free CFI and SFI technologies to a large class of previously unsupported software: Those containing immutable system modules with large, objectoriented APIs-which are particularly common in component-based, event-driven consumer software. It also helps to protect these intermodule object exchanges against confused deputy-assisted vtable corruption and counterfeit object-oriented programming attacks. A prototype implementation for Microsoft Component Object Model demonstrates that OFI is scalable to large interfaces on the order of tens of thousands of methods, and exhibits lowoverheads of under 1% for some common-case applications. Significant elements of the implementation are synthesized automatically through a principled design inspired by type-based contracts.
Author supplied keywords
Cite
CITATION STYLE
Wang, W., Xu, X., & Hamlen, K. W. (2017). Object flow integrity. In Proceedings of the ACM Conference on Computer and Communications Security (pp. 1909–1924). Association for Computing Machinery. https://doi.org/10.1145/3133956.3133986
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
