Vtable hijacking: object type integrity for run-time type information



Bibliographic Details
Main Authors: Schröder, Marco (Author); Machmeier, Stefan (Author); Heuveline, Vincent (Author)
Format: Book/Monograph
Language: English
Published: Heidelberg: Universitätsbibliothek, March 2, 2023
Series: Preprint series of the Engineering Mathematics and Computing Lab (EMCL), Preprint no. 2023-01
In: Preprint series of the Engineering Mathematics and Computing Lab (EMCL) (Preprint no. 2023-01)

DOI: 10.11588/emclpp.2023.1.94354
Online Access: Publisher, free of charge, full text: https://doi.org/10.11588/emclpp.2023.1.94354
Publisher, free of charge, full text: https://journals.ub.uni-heidelberg.de/index.php/emcl-pp/article/view/94354
Author Notes: Marco Schröder, Stefan Machmeier, Vincent Heuveline
Description
Summary: Attackers try to hijack the control flow of a victim’s process by exploiting a run-time vulnerability. Vtable hijacking is a state-of-the-art technique adversaries use to conduct control-flow hijacking attacks. It abuses the reliance of language constructs related to polymorphism on dynamic type information. The Control Flow Integrity (CFI) security policy is a well-established solution designed to prevent attacks that corrupt the control flow. Deployed defense mechanisms based on CFI are often generic, which means that they do not consider high-level programming language semantics. This makes them vulnerable to vtable hijacking attacks. Object Type Integrity (OTI) is an orthogonal security policy that specifically addresses vtable hijacking. CFIXX is a Clang compiler extension that enforces OTI in the context of dynamic dispatch, which prevents vtable hijacking in this setting. However, this extension does not enforce OTI in the context of polymorphism more broadly. The contribution of this work is a practical implementation that enables OTI in the context of C++’s run-time type information, covering dynamic_cast expressions and the typeid operator.
Item Description: Viewed on 09.03.2023
Physical Description: Online Resource