Publikationen

Art der Publikation: Beitrag in Sammelwerk

Subversive-C: Abusing and Protecting Dynamic Message Dispatch

Autor(en):
Lettner, Julian; Kollenda, Benjamin; Homescu, Andrei; Larsen, Per; Schuster, Felix; Davi, Lucas; Sadeghi, Ahmad-Reza; Holz, Thorsten; Franz, Michael
Titel des Sammelbands:
Proc. of USENIX Annual Technical Conference (ATC)
Veröffentlichung:
2016
Link zum Volltext:
https://www.usenix.org/node/196213
Zitation:
Download BibTeX

Kurzfassung

The lower layers in the modern computing infrastructure are written in languages threatened by exploitation of memory management errors. Recently deployed exploit mitigations such as control-flow integrity (CFI) can prevent traditional return-oriented programming (ROP) exploits but are much less effective against newer techniques such as Counterfeit Object-Oriented Programming (COOP) that execute a chain of C++ virtual methods. Since these methods are valid control-flow targets, COOP attacks are hard to distinguish from benign computations. Code randomization is likewise ineffective against COOP. Until now, however, COOP attacks have been limited to vulnerable C++ applications which makes it unclear whether COOP is as general and portable a threat as ROP.

This paper demonstrates the first COOP-style exploit for Objective-C, the predominant programming language on Apple’s OS X and iOS platforms. We also retrofit the Objective-C runtime with the first practical and efficient defense against our novel attack. Our defense is able to protect complex, real-world software such as iTunes without recompilation. Our performance experiments show that the overhead of our defense is low in practice.