VPV: Enforcing Secure C++ Dynamic Dispatch by Vtable Pointer Verification.

Saved in:

Bibliographic Details
Title:	VPV: Enforcing Secure C++ Dynamic Dispatch by Vtable Pointer Verification.
Authors:	Xiaokang Fan¹ fanxiaokang@nudt.edu.cn, Sifan Long² 164712110@csu.edu.cn, Chun Huang³ chunhuang@nudt.edu.cn, Canqun Yang³ canqun@nudt.edu.cn
Source:	Engineering Letters. Sep2021, Vol. 29 Issue 3, p936-941. 6p.
Subjects:	Object-oriented programming languages, C++, Flowgraphs
Abstract:	C++ is a very popular object-oriented programming language. Due to its abstraction and high performance, C++ has been widely used in performance critical applications. During the last several years, vtable hijacking attack has become a major attack vector. By corrupting the vtable pointer of a C++ object, an attacker can hijack a virtual call and compromise the control flow of a C++ program. This paper proposes VPV (Vtable Pointer Verification), a new method to mitigate vtable hijacking attacks. The novelty of VPV is that VPV enforces virtual call integrity by verifying the legitimacy of the vtable pointer, which is the key part in vtable hijakcing attacks. We use class hierarchy analysis to build a fine-grained control flow graph, which determines the legitimate targets precisely for each vtable pointer. We designed an efficient runtime verification technique which requires only a range check. The average (maximum) runtime performance overhead incurred is only 1.52% (2.30%). VPV provides precise and efficient protection against vtable hijacking attacks. It is an ideal technique to be applied to production software. [ABSTRACT FROM AUTHOR]
	Copyright of Engineering Letters is the property of International Association of Engineers (IAENG) and its content may not be copied or emailed to multiple sites without the copyright holder's express written permission. Additionally, content may not be used with any artificial intelligence tools or machine learning technologies. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)
Database:	Engineering Source

Description
Abstract:	C++ is a very popular object-oriented programming language. Due to its abstraction and high performance, C++ has been widely used in performance critical applications. During the last several years, vtable hijacking attack has become a major attack vector. By corrupting the vtable pointer of a C++ object, an attacker can hijack a virtual call and compromise the control flow of a C++ program. This paper proposes VPV (Vtable Pointer Verification), a new method to mitigate vtable hijacking attacks. The novelty of VPV is that VPV enforces virtual call integrity by verifying the legitimacy of the vtable pointer, which is the key part in vtable hijakcing attacks. We use class hierarchy analysis to build a fine-grained control flow graph, which determines the legitimate targets precisely for each vtable pointer. We designed an efficient runtime verification technique which requires only a range check. The average (maximum) runtime performance overhead incurred is only 1.52% (2.30%). VPV provides precise and efficient protection against vtable hijacking attacks. It is an ideal technique to be applied to production software. [ABSTRACT FROM AUTHOR]
ISSN:	1816093X