Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++
We present, VIP, an approach to boosting the precision of Virtual call Integrity Protection for large-scale real-world C++ programs (e.g., Chrome) by using pointer analysis for the first time. VIP introduces two new techniques: (1) a sound and scalable partial pointer analysis for discovering statically the sets of legitimate targets at virtual callsites from separately compiled C++ modules and (2) a lightweight instrumentation technique for performing (virtual call) integrity checks at runtime. VIP raises the bar against vtable hijacking attacks by providing stronger security guarantees than the CHA-based approach with comparable performance overhead. VIP is implemented in LLVM-3.8.0 and evaluated using SPEC programs and Chrome. Statically, VIP protects virtual calls more effectively than CHA by significantly reducing the sets of legitimate targets permitted at 20.3% of the virtual callsites per program, on average. Dynamically, VIP incurs an average (maximum) instrumentation overhead of 0.7% (3.3%), making it practically deployable as part of a compiler tool chain.
Wed 12 JulDisplayed time zone: Tijuana, Baja California change
15:30 - 17:10 | Static AnalysisTechnical Papers at Bren 1414 Chair(s): William G.J. Halfond University of Southern California | ||
15:30 25mTalk | Just-in-Time Static Analysis Technical Papers Lisa Nguyen Quang Do Fraunhofer IEM, Karim Ali University of Alberta, Benjamin Livshits Imperial College London, UK, Eric Bodden Heinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Justin Smith North Carolina State University, Emerson Murphy-Hill North Carolina State University DOI | ||
15:55 25mTalk | Refining Interprocedural Change-Impact Analysis using Equivalence Relations Technical Papers Alex Gyori University of Illinois at Urbana-Champaign, USA, Shuvendu Lahiri Microsoft Research, Nimrod Partush Technion DOI | ||
16:20 25mTalk | Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++ Technical Papers Xiaokang Fan , Yulei Sui , Xiangke Liao National University of Defense Technology, China, Jingling Xue UNSW Australia DOI | ||
16:45 25mTalk | Lightweight Detection of Physical Unit Inconsistencies without Program Annotations Technical Papers John-Paul Ore University of Nebraska-Lincoln, USA, Sebastian Elbaum University of Nebraska-Lincoln, USA, Carrick Detweiler University of Nebraska-Lincoln, USA DOI | ||