Lost Control-Breaking Hardware-Assisted Kernel Control-Flow Integrity with Page-Oriented Programming

Control-Flow Integrity (CFI) has been widely spreading from applications to the kernel to prevent Code Reuse Attacks (CRAs) such as ret2libc and Return-Oriented Programming (ROP). The CFI mechanism is based on the Control-Flow Graph (CFG) created by static analysis. It prevents unintended execution flows that deviate from that and reduces control-flow hijacking essential for CRAs. For this reason, Microsoft Windows and Linux-based operating systems have adopted it. Recently, hardware-based CFI technologies that consist of Indirect Branch Tracking (IBT) and shadow …

analysis applications attacks breaking code code reuse control flow graph hardware integrity kernel lost mechanism page programming return reuse rop static analysis