Davi, Lucas ; Dmitrienko, Alexandra ; Egele, Manuel ; Fischer, Thomas ; Holz, Thorsten ; Hund, Ralf ; Nürnberger, Stefan ; Sadeghi, Ahmad-Reza (2011)
POSTER: Control-Flow Integrity for Smartphones.
Konferenzveröffentlichung, Bibliographie
Kurzbeschreibung (Abstract)
Despite extensive research over the last two decades, runtime attacks on software are still prevalent. Recently, smartphones, of which millions are in use today, have become an attractive target for adversaries. However, existing solutions are either ad-hoc or limited in their effectiveness.
In this poster, we present a general countermeasure against runtime attacks on smartphone platforms. Our approach makes use of control-flow integrity (CFI), and tackles unique challenges of the ARM architecture and smartphone platforms. Our framework and implementation is efficient, since it requires no access to source code, performs CFI enforcement on-the-fly during runtime, and is compatible to memory randomization and code signing/encryption. We chose Apple iPhone for our reference implementation, because it has become an attractive target for runtime attacks. Our performance evaluation on a real iOS device demonstrates that our implementation does not induce any notable overhead when applied to popular iOS applications.
| Typ des Eintrags: | Konferenzveröffentlichung |
|---|---|
| Erschienen: | 2011 |
| Autor(en): | Davi, Lucas ; Dmitrienko, Alexandra ; Egele, Manuel ; Fischer, Thomas ; Holz, Thorsten ; Hund, Ralf ; Nürnberger, Stefan ; Sadeghi, Ahmad-Reza |
| Art des Eintrags: | Bibliographie |
| Titel: | POSTER: Control-Flow Integrity for Smartphones |
| Sprache: | Deutsch |
| Publikationsjahr: | Oktober 2011 |
| Verlag: | ACM |
| Buchtitel: | 18th ACM Conference on Computer and Communications Security (CCS'11) |
| Zugehörige Links: | |
| Kurzbeschreibung (Abstract): | Despite extensive research over the last two decades, runtime attacks on software are still prevalent. Recently, smartphones, of which millions are in use today, have become an attractive target for adversaries. However, existing solutions are either ad-hoc or limited in their effectiveness. In this poster, we present a general countermeasure against runtime attacks on smartphone platforms. Our approach makes use of control-flow integrity (CFI), and tackles unique challenges of the ARM architecture and smartphone platforms. Our framework and implementation is efficient, since it requires no access to source code, performs CFI enforcement on-the-fly during runtime, and is compatible to memory randomization and code signing/encryption. We chose Apple iPhone for our reference implementation, because it has become an attractive target for runtime attacks. Our performance evaluation on a real iOS device demonstrates that our implementation does not induce any notable overhead when applied to popular iOS applications. |
| Freie Schlagworte: | Security |
| ID-Nummer: | TUD-CS-2011-0210 |
| Fachbereich(e)/-gebiet(e): | 20 Fachbereich Informatik 20 Fachbereich Informatik > Systemsicherheit LOEWE LOEWE > LOEWE-Zentren LOEWE > LOEWE-Zentren > CASED – Center for Advanced Security Research Darmstadt |
| Hinterlegungsdatum: | 04 Aug 2016 10:13 |
| Letzte Änderung: | 03 Jun 2018 21:31 |
| PPN: | |
| Export: | |
| Suche nach Titel in: | TUfind oder in Google |
 |
Frage zum Eintrag |
Optionen (nur für Redakteure)
 |
Redaktionelle Details anzeigen |
Drucken
Impressum