Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++
We present, VIP, an approach to boosting the precision of Virtual call Integrity Protection for large-scale real-world C++ programs (e.g., Chrome) by using pointer analysis for the first time. VIP introduces two new techniques: (1) a sound and scalable partial pointer analysis for discovering statically the sets of legitimate targets at virtual callsites from separately compiled C++ modules and (2) a lightweight instrumentation technique for performing (virtual call) integrity checks at runtime. VIP raises the bar against vtable hijacking attacks by providing stronger security guarantees than the CHA-based approach with comparable performance overhead. VIP is implemented in LLVM-3.8.0 and evaluated using SPEC programs and Chrome. Statically, VIP protects virtual calls more effectively than CHA by significantly reducing the sets of legitimate targets permitted at 20.3% of the virtual callsites per program, on average. Dynamically, VIP incurs an average (maximum) instrumentation overhead of 0.7% (3.3%), making it practically deployable as part of a compiler tool chain.
Wed 12 Jul Times are displayed in time zone: Tijuana, Baja California change
15:30 - 17:10: Static AnalysisTechnical Papers at Bren 1414 Chair(s): William G.J. HalfondUniversity of Southern California | |||
| 15:30 - 15:55 Talk | Just-in-Time Static Analysis Technical Papers Lisa Nguyen Quang DoFraunhofer IEM, Karim AliUniversity of Alberta, Benjamin LivshitsImperial College London, UK, Eric BoddenHeinz Nixdorf Institut, Paderborn University and Fraunhofer IEM, Justin SmithNorth Carolina State University, Emerson Murphy-HillNorth Carolina State University DOI | ||
| 15:55 - 16:20 Talk | Refining Interprocedural Change-Impact Analysis using Equivalence Relations Technical Papers Alex GyoriUniversity of Illinois at Urbana-Champaign, USA, Shuvendu LahiriMicrosoft Research, Nimrod PartushTechnion DOI | ||
| 16:20 - 16:45 Talk | Boosting the Precision of Virtual Call Integrity Protection with Partial Pointer Analysis for C++ Technical Papers Xiaokang Fan, Yulei Sui, Xiangke LiaoNational University of Defense Technology, China, Jingling XueUNSW Australia DOI | ||
| 16:45 - 17:10 Talk | Lightweight Detection of Physical Unit Inconsistencies without Program Annotations Technical Papers John-Paul OreUniversity of Nebraska-Lincoln, USA, Sebastian ElbaumUniversity of Nebraska-Lincoln, USA, Carrick DetweilerUniversity of Nebraska-Lincoln, USA DOI | ||