On the power of techniques for defeating code reuse attacks + some retrospective reflection on the DARPA CRASH program
- Speaker: Prof Howie Shrobe (MIT)
- Date & Time: Tuesday 12 May 2015, 14:00 - 15:00
- Venue: LT2, Computer Laboratory, William Gates Building
Abstract
Code reuse attacks (Return Oriented Programming, etc.) have become one of the key tools in the arsenal of attackers who are trying to subvert remote systems through technical means. A new defensive technique, called Code Pointer Integrity, or CPI, was proposed this past summer. It has the attractive property of being implemented wholly in software, seeming to offer broad coverage against code reuse attacks while imposing modest performance penalties (~6%). In an upcoming paper, our group demonstrated a technique for bypassing CPI. I will explain how code reuse attacks work, how CPI was supposed to prevent them, and how we bypassed CPI. I will also outline some work that we are currently conducting that uses a simple hardware architectural extension to prevent against both code reuse and code injection attacks (and probably other types of attacks as well).
This work grew out of an attempt to harvest some of the simpler ideas explored in DARPA's CRASH program (of which I was the program manager). I share some personal reflections on the CRASH program and what it produced.
Series: This talk is part of the Computer Laboratory Security Seminar series.