Today's Internet-connected systems are exposed to attacks that exploit memory errors and hijack control flow. Code-reuse attacks, which build on such memory corruption, include return-into-libc and return-oriented programming (ROP). This book addresses these attacks and their defenses. It consists of eight research papers presented as book chapters.
Chapter 1 summarizes ten techniques as defense mechanisms against code reuse and data-only attacks, including discussions of strength, performance overhead, compatibility, and weaknesses. Chapter 2 describes modular control-flow integrity (CFI) systems that efficiently construct control-flow graphs supporting just-in-time (JIT) compilation and multithreading.
Chapter 3 presents "three ways to bypass diversity-type mitigations": targeting unprotected areas, brute-force guessing, and relying on information leakage. The authors further suggest adding security properties at the language level by deploying better mitigations, changing the source code, or retiring the C/C++ legacy code base. Chapter 4 introduces code-pointer integrity (CPI) and code-pointer separation (CPS), which guarantee strong protection against control-flow hijacking, incur low overhead, and accommodate changes in how program code is written.
Chapter 5 covers the creation of proof-of-concept exploits and powerful code-reuse payloads "using well-known memory corruption bugs and gadgets." It highlights the security aspects of existing defenses and identifies misconceptions about the guarantees they offer. Chapter 6 details the attacker model underlying counterfeit object-oriented programming (COOP), loopless COOP, and code-reuse COOP attacks.
Chapter 7 discusses an enhanced hardware CFI model that supports multitasking and shared libraries and prevents code-reuse attacks. Chapter 8 focuses on multi-variant execution environments (MVEEs), emphasizing memory safety while providing defenses against attacks such as code reuse, information leakage, stack buffer overflows, and code injection.
This is an interesting read for professionals and academics working on code-reuse attacks and on developing attacker models. The presentation of the attacker model, the extensive references, and the contributor biographies make this book worth reading.