Powered by OpenAIRE graph
Found an issue? Give us feedback
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/ ZENODOarrow_drop_down
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Dataset . 2019
License: CC BY
Data sources: Datacite
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Dataset . 2019
License: CC BY
Data sources: ZENODO
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
ZENODO
Dataset . 2019
License: CC BY
Data sources: Datacite
image/svg+xml art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos Open Access logo, converted into svg, designed by PLoS. This version with transparent background. http://commons.wikimedia.org/wiki/File:Open_Access_logo_PLoS_white.svg art designer at PLoS, modified by Wikipedia users Nina, Beao, JakobVoss, and AnonMoos http://www.plos.org/
https://doi.org/10.5281/zenodo...
Dataset . 2019
License: CC BY
Data sources: Sygma
image/svg+xml Jakob Voss, based on art designer at PLoS, modified by Wikipedia users Nina and Beao Closed Access logo, derived from PLoS Open Access logo. This version with transparent background. http://commons.wikimedia.org/wiki/File:Closed_Access_logo_transparent.svg Jakob Voss, based on art designer at PLoS, modified by Wikipedia users Nina and Beao
Vrije Universiteit Amsterdam (VU Amsterdam) – Research Portal
Dataset
License: unspecified
Data sources: Vrije Universiteit Amsterdam (VU Amsterdam) – Research Portal
 View all 4 versions
Claim

VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching - (Evaluation Data)

Research datakeyboard_double_arrow_right Dataset 31 Oct 2019 Netherlands Publisher:ZenodoFunded by:EC | UNICORE
Authors: Pawlowski, Andre; van der Veen, Victor; Andriesse, Dennis; van der Kouwe, Erik; Holz, Thorsten; Giuffrida, Cristiano; Bos, Herbert;

doi: 10.5281/zenodo.3523939 , 10.5281/zenodo.3523938

VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching - (Evaluation Data)

Abstract

Evaluation data of the published paper: "VPS: Excavating High-Level C++ Constructs from Low-Level Binaries to Protect Dynamic Dispatching". The paper was published at the Annual Computer Security Applications Conference (ACSAC) 2019. The paper is available at: https://www.syssec.ruhr-uni-bochum.de/research/publications/VPS/ Ab­stract Po­ly­mor­phism and in­heri­t­an­ce make C++ sui­ta­ble for wri­ting com­plex soft­ware, but si­gni­fi­cant­ly in­crea­se the at­tack sur­face be­cau­se the im­ple­men­ta­ti­on re­li­es on vir­tu­al func­tion ta­bles (vta­bles). These vta­bles con­tain func­tion poin­ters that at­ta­ckers can po­ten­ti­al­ly hi­jack and in prac­tice, vta­ble hi­ja­cking is one of the most im­portant at­tack vec­tor for C++ bi­na­ries. In this paper, we pre­sent VTa­ble Poin­ter Se­pa­ra­ti­on (VPS), a prac­tical bi­na­ry-le­vel de­fen­se against vta­ble hi­ja­cking in C++ ap­p­li­ca­ti­ons. Un­li­ke pre­vious bi­na­ry-le­vel de­fen­ses, which rely on un­sound sta­tic ana­ly­ses to match clas­ses to vir­tu­al call­si­tes, VPS achie­ves a more ac­cu­ra­te pro­tec­tion by re­stric­ting vir­tu­al call­si­tes to va­lidly crea­ted ob­jects. More spe­ci­fi­cal­ly, VPS en­su­res that vir­tu­al call­si­tes can only use ob­jects crea­ted at valid ob­ject con­struc­tion sites, and only if those ob­jects can reach the call­si­te. Mo­re­over, VPS ex­pli­cit­ly prevents false po­si­ti­ves (fal­se­ly iden­ti­fied vir­tu­al call­si­tes) from brea­king the bi­na­ry, an issue exis­ting work does not hand­le cor­rect­ly or at all. We eva­lua­te the pro­to­ty­pe im­ple­men­ta­ti­on of VPS on a di­ver­se set of com­plex, re­al-world ap­p­li­ca­ti­ons (Mon­goDB, MySQL ser­ver, Node.js, SPEC CPU2017/CPU2006), show­ing that our ap­proach pro­tects on aver­a­ge 97.8% of all vir­tu­al call­si­tes in SPEC CPU2006 and 97.4% in SPEC CPU2017 (all C++ bench­marks), with a mo­de­ra­te per­for­mance over­head of 11% and 9% geo­me­an, re­spec­tive­ly. Fur­ther­mo­re, our eva­lua­ti­on re­veals 86 false ne­ga­ti­ves in VTV, a po­pu­lar sour­ce-ba­sed de­fen­se which is part of GCC.

Country
Netherlands
Related Organizations
Keywords

CFI, Binary Analysis

  • BIP!
    Impact byBIP!
    selected citations
    These citations are derived from selected sources.
    This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 0
    popularity
    This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
    		 Average
    influence
    This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
    		 Average
    impulse
    This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
    		 Average
    OpenAIRE UsageCounts
    Usage byUsageCounts
    visibility views 15
  • 15
    views
    Powered byOpenAIRE UsageCounts
Powered by OpenAIRE graph
Found an issue? Give us feedback
visibility
selected citations
These citations are derived from selected sources.
This is an alternative to the "Influence" indicator, which also reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Citations provided by BIP!
popularity
This indicator reflects the "current" impact/attention (the "hype") of an article in the research community at large, based on the underlying citation network.
BIP!Popularity provided by BIP!
influence
This indicator reflects the overall/total impact of an article in the research community at large, based on the underlying citation network (diachronically).
BIP!Influence provided by BIP!
impulse
This indicator reflects the initial momentum of an article directly after its publication, based on the underlying citation network.
BIP!Impulse provided by BIP!
views
OpenAIRE UsageCountsViews provided by UsageCounts
0
Average
Average
Average
15
Funded by
Related to Research communities
Aurora Universities Network
Netherlands Research Portal