Lost Control: Breaking Hardware-Assisted Kernel Control-Flow Integrity with Page-Oriented Programming

Control-Flow Integrity (CFI) has spread widely from applications to the kernel to prevent Code Reuse Attacks (CRAs) such as ret2libc and Return-Oriented Programming (ROP). The CFI mechanism is based on a Control-Flow Graph (CFG) created by static analysis: it prevents execution flows that deviate from that graph and so reduces the control-flow hijacking that CRAs depend on. For this reason, Microsoft Windows and Linux-based operating systems have adopted it. Recently, hardware-based CFI technologies consisting of Indirect Branch Tracking (IBT) and a shadow stack emerged to support it, evolving software-based CFIs into hardware-assisted CFIs with stronger enforcement. Hypervisor-based integrity protection mechanisms have also hardened CFI policies. These security mechanisms make traditional attack techniques, including control-flow hijacking and code manipulation, challenging....

By: Seunghun Han
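To make the two halves of the CFI mechanism the abstract names concrete, here is an added example (my own illustration, not code from the talk or from any real CFI implementation): a software model of a forward-edge check, where an indirect call is allowed only if its target is in the CFG-derived set for that call site (the property IBT's landing-pad marking approximates in hardware), and a backward-edge check, where a shadow stack keeps its own copy of each return address and a mismatch on return is detected. The handler functions, the per-site target set, the pseudo return addresses and the rejected target `not_a_handler` are all constructed for the demo.

```c
/* Added example: a minimal software model of forward-edge (CFG target set)
 * and backward-edge (shadow stack) CFI checks. Everything here is
 * constructed for illustration; it is not a real CFI implementation. */
#include <stdio.h>
#include <stddef.h>
#include <stdint.h>

typedef int (*handler_fn)(int);

static int handler_add(int x) { return x + 1; }
static int handler_dbl(int x) { return x * 2; }
/* Valid code, but NOT a legitimate target of the call site modelled below;
 * a forward-edge check must refuse to dispatch to it. */
static int not_a_handler(int x) { return -x; }

/* CFG-derived allowed targets for one indirect call site. Static analysis
 * would compute this set; here it is hand-written. */
static const handler_fn site1_targets[] = { handler_add, handler_dbl };
#define SITE1_NTARGETS (sizeof site1_targets / sizeof site1_targets[0])

/* Forward-edge check: is fn an allowed target for this call site? */
int cfi_forward_ok(handler_fn fn) {
    for (size_t i = 0; i < SITE1_NTARGETS; i++)
        if (site1_targets[i] == fn) return 1;
    return 0;
}

/* Dispatch through the pointer only after the check passes. Returns the
 * handler result, or -1 when the target is rejected; *violation (if not
 * NULL) records whether a violation was detected. */
int checked_indirect_call(handler_fn fn, int arg, int *violation) {
    if (!cfi_forward_ok(fn)) {
        if (violation) *violation = 1;
        return -1;
    }
    if (violation) *violation = 0;
    return fn(arg);
}

/* Backward edge: a fixed-size shadow stack of return addresses, modelled as
 * integers standing in for code addresses. */
#define SHADOW_DEPTH 16
static uintptr_t shadow[SHADOW_DEPTH];
static size_t shadow_top = 0;

void shadow_reset(void) { shadow_top = 0; }

/* On call: record the address the callee is expected to return to.
 * Returns 0 if the shadow stack is full. */
int shadow_push(uintptr_t ret) {
    if (shadow_top >= SHADOW_DEPTH) return 0;
    shadow[shadow_top++] = ret;
    return 1;
}

/* On return: the address read from the ordinary (writable) stack must match
 * the shadow copy. Returns 1 if the return is allowed, 0 on a mismatch or
 * an empty shadow stack (both are violations). */
int shadow_check_return(uintptr_t ret_from_stack) {
    if (shadow_top == 0) return 0;
    uintptr_t expected = shadow[--shadow_top];
    return expected == ret_from_stack;
}

int main(void) {
    int viol;
    printf("allowed target: %d (violation=%d)\n",
           checked_indirect_call(handler_dbl, 21, &viol), viol);
    printf("disallowed target: %d (violation=%d)\n",
           checked_indirect_call(not_a_handler, 21, &viol), viol);

    shadow_reset();
    shadow_push(0x401000);   /* constructed return address */
    printf("matching return ok=%d\n", shadow_check_return(0x401000));
    shadow_push(0x401000);
    printf("corrupted return ok=%d\n", shadow_check_return(0x402000));
    return 0;
}
```

The point of the model is the asymmetry it makes visible: a corrupted function pointer or return slot is ordinary writable data, while the target set and the shadow stack are reference copies the attacker is not supposed to reach, which is exactly why the hardware and hypervisor protections the abstract mentions exist to keep those reference copies out of reach.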