Data Is Flowing in the Wind: A Review of Data-Flow Integrity Methods to Overcome Non-Control-Data Attacks
- Irene Díez-Franco 1
- Igor Santos 1
1 Universidad de Deusto
- Manuel Graña (coord.)
- José Manuel López-Guede (coord.)
- Oier Etxaniz (coord.)
- Álvaro Herrero (coord.)
- Héctor Quintián (coord.)
- Emilio Corchado (coord.)
Publisher: Springer Suiza
ISBN: 978-3-319-47364-2, 3-319-47364-6, 978-3-319-47363-5, 3-319-47363-8
Year of publication: 2017
Pages: 536-546
Conference: International Conference on Computational Intelligence in Security for Information Systems (9. 2016. San Sebastián)
Type: Conference contribution
Abstract
Security researchers have been focusing on developing mitigation and protection mechanisms against code-injection and code-reuse attacks. Modern defences focus on protecting the legitimate control-flow of a program, nevertheless they cannot withstand a more subtle type of attack, non-control-data attacks, since they follow the legitimate control flow, and thus leave no trace. Data-Flow Integrity (DFI) is a defence mechanism which aims to protect programs against non-control-data attacks. DFI uses static analysis to compute the data-flow graph of a program, and then, enforce at runtime that the data-flow of the program follows the legitimate path; otherwise the execution is aborted. In this paper, we review the state of the techniques to generate non-control-data attacks and present the state of DFI methods.