Loading...
Software Exploitation and Software Protection Measures Enhancing Software Protection via Inter-Process Control Flow Integrity
Oyinloye, Toyosi A.
Oyinloye, Toyosi A.
Advisors
Editors
Other Contributors
Affiliation
EPub Date
Publication Date
2023-08
Submitted Date
Collections
Files
Loading...
Thesis
Adobe PDF, 6.05 MB
Other Titles
Abstract
Computer technologies hinge on the effective functionality of the software component. Unfortunately, software code may have flaws that cause them to be vulnerable and exploitable by attackers. Software exploitation could involve a hijack of the application and deviation of the flow of its execution. Whenever this occurs, the integrity of the software and the underlying system could be compromised. For this reason, there is a need to continually develop resilient software protection tools and techniques. This report details an in-depth study of software exploitation and software protection measures. Efforts in the research were geared towards finding new protection tools for vulnerable software. The main focus of the study is on the problem of Control Flow Hijacks (CFH) against vulnerable software, particularly for software that was built and executed on the RISC-V architecture. Threat models that were addressed are buffer overflow, stack overflow, return-to-libc, and Return Oriented Programming (ROP). Whilst the primary focus for developing the new protection was on RISC-V-based binaries, programs that were built on the more widespread x86 architecture were also explored comparatively in the course of this study.
The concept of Control Flow Integrity (CFI) was explored in the study and a proof-of-concept for mitigating ROP attacks that result in Denial of Service is presented. The concept of CFI involves the enforcement of the intended flow of execution of a vulnerable program. The novel protection is based on the CFI concept combined with Inter-process signalling (named Inter-Process Control Flow Integrity (IP-CFI)). This technique is orthogonal to well-practised software maintenance such as patching/updates and is complementary to it providing integrity regardless of exploitation path/vector. In evaluating the tool, it was applied to vulnerable programs and found to promptly identify deviations in vulnerable programs when ROP attacks lead to DoS with an average runtime overhead of 0.95%. The system on which the software is embedded is also protected as a result of the watchdog in the IP-CFI where this kind of attack would have progressed unnoticed. Unlike previous CFI models, IP-CFI extends protection outside the vulnerable program by setting up a mutual collaboration between the protected program and a newly written monitoring program. Products derived in this study are software tools in the form of various Linux scripts that can be used to automate several functionalities, two RISC-V ROP gadget finders (RETGadgets & JALRGadget), and the software protection tool IP-CFI. In this report, software is also referred to as binary, executable, application, program or process.
Citation
Oyinloye, Toyosi A. (2023). Software Exploitation and Software Protection Measures Enhancing Software Protection via Inter-Process Control Flow Integrity [Unpublished doctoral thesis]. University of Chester.
Publisher
University of Chester
Journal
Research Unit
DOI
PubMed ID
PubMed Central ID
Type
Thesis or dissertation
Language
en