Control-Flow Integrity (CFI) is an important security property that must be enforced to prevent control-flow hijacking attacks. Recent attacks have demonstrated that existing CFI protections for COTS binaries are too permissive and remain vulnerable to sophisticated code-reuse attacks. Accounting for the control-flow restrictions imposed at higher levels of semantics is key to increasing CFI precision. In particular, virtual function calls in C++ are a popular target for control subversion attacks. C++ compilers implement virtual function calls through virtual tables (VTables): each polymorphic object carries a hidden pointer to its class's VTable, and a virtual callsite loads that pointer, indexes a fixed slot, and calls the function found there. In this talk, we present our work codenamed vfGuard. Given a C++ binary, vfGuard (1) identifies the virtual function callsites and (2) recovers the VTables in the program, and uses both to construct a strict integrity policy for those callsites. The policies constructed by vfGuard are sound and over 95% more precise than those of state-of-the-art binary-only CFI solutions. Our experiments show an average runtime overhead of 18.3%.
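To make the attack surface and the policy concrete, here is an added example written for this page; it is not code from vfGuard or from the authors. It models in C what a C++ compiler emits for virtual dispatch (a read-only table of function pointers and a hidden vptr at offset 0 of each object), a vtable-hijack in which a memory-corruption bug redirects the vptr at a counterfeit table, and a simplified vfGuard-style check at the callsite: the vptr must be one of the VTables recovered from the binary. The class names, the `recovered_vtables` whitelist, and the `vfguard_check` function are illustrative assumptions; vfGuard's real policy is derived per callsite from binary analysis and is richer than this membership test.

```c
/* Added example: C model of C++ virtual dispatch, a vtable hijack, and a
 * vfGuard-style callsite policy. Illustrative only; not vfGuard's code. */
#include <stddef.h>
#include <stdio.h>

typedef struct Shape Shape;
typedef double (*area_fn)(const Shape *);
typedef void   (*describe_fn)(const Shape *);

/* What the compiler emits per polymorphic class: one table of function
 * pointers (normally in a read-only section). Slot order is fixed at
 * compile time, so every callsite indexes a known slot. */
typedef struct {
    area_fn     area;      /* slot 0 */
    describe_fn describe;  /* slot 1 */
} VTable;

/* Every object starts with the hidden vptr; the fields follow. */
struct Shape {
    const VTable *vptr;
    double a, b;
};

static double circle_area(const Shape *s) { return 3.14159 * s->a * s->a; }
static double rect_area(const Shape *s)   { return s->a * s->b; }
static void   generic_describe(const Shape *s) { (void)s; }

static const VTable circle_vt = { circle_area, generic_describe };
static const VTable rect_vt   = { rect_area,   generic_describe };

/* Models vfGuard step (2): the set of legitimate VTables recovered from the
 * binary. Here it is simply the static tables above (an assumption); vfGuard
 * recovers this set by analysing the binary's data and constructors. */
static const VTable *const recovered_vtables[] = { &circle_vt, &rect_vt };
#define NUM_VTABLES (sizeof recovered_vtables / sizeof recovered_vtables[0])

/* Policy check inserted at a virtual callsite (vfGuard step (1) finds the
 * callsites). Returns 1 if the object's vptr is a recovered VTable, else 0. */
static int vfguard_check(const Shape *s) {
    for (size_t i = 0; i < NUM_VTABLES; i++)
        if (s->vptr == recovered_vtables[i])
            return 1;
    return 0;
}

/* Guarded virtual callsite for slot 0. Returns -1.0 when the policy blocks
 * the call instead of dispatching through a corrupted vptr. */
static double call_area_guarded(const Shape *s) {
    if (!vfguard_check(s))
        return -1.0;
    return s->vptr->area(s);   /* the actual indirect call */
}

/* The attacker's counterfeit table: a VTable-shaped blob placed somewhere
 * writable (heap, stack) whose slot 0 points where the attacker likes. */
static double evil_area(const Shape *s) { (void)s; return 1337.0; }
static const VTable counterfeit_vt = { evil_area, generic_describe };

/* Simulates the hijack: a memory-corruption bug overwrites the vptr.
 * Returns what the guarded callsite returned (-1.0 means blocked). */
static double hijack_and_call(void) {
    Shape c = { &circle_vt, 2.0, 0.0 };
    c.vptr = &counterfeit_vt;   /* stands in for an overflow/UAF overwrite */
    return call_area_guarded(&c);
}

/* A benign call through a legitimate VTable goes through unchanged. */
static double benign_call(void) {
    Shape r = { &rect_vt, 3.0, 4.0 };
    return call_area_guarded(&r);
}

int main(void) {
    printf("benign rect area : %.1f\n", benign_call());
    printf("hijacked call    : %.1f (-1.0 = blocked by policy)\n",
           hijack_and_call());
    return 0;
}
```

The check costs one loop over a small pointer set per callsite, which is where a runtime overhead of the order reported above comes from; a binary-only CFI that only requires the target to be "some function entry" would have let `evil_area` run, since it is a legitimate function in the program.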
Aravind Prakash earned his Ph.D. from Syracuse University in 2015. His research spans multiple areas of computer and mobile security, with an emphasis on binary analysis. Along with his academic research experience, Aravind brings over a decade of software programming experience.