
Different kinds of CFI have been under active development since 2002, with recent (2013, 2014) deployments to major web browsers like Chrome and IE. IE already ships with a forward CFI implementation in Windows 10. Chrome will probably ship with it real soon now.

Before this presentation, the writing was on the wall for code reuse exploits. After this presentation, well, the writing is still on the wall, with one more real world system in place.




AFAIK (i.e. my engineers working on it tell me :P) CFI was essentially too slow in practice (i.e. > 5% overhead) until new implementation techniques were developed in the past couple of years (literally; I'm pretty sure the last good paper on this was in 2014).

"IE already ships with a forward CFI implementation in Windows 10": I didn't think this was true (I thought it was something related to CFI, but not quite), but I'll take your word for it.


Pretty much! This 2013 paper added low overhead (4%?) forward and backward CFI at the binary level, tested on Internet Explorer and Firefox: http://www.cs.berkeley.edu/~dawnsong/papers/Oakland2013-CCFI...

This paper (2014) does forward CFI on Chrome for 4% overhead: https://www.eecs.harvard.edu/cs261/papers/tice-2014.pdf

IE on Windows 8.1 (including Adobe Flash) is compiled with forward control flow integrity: https://blog.coresecurity.com/2015/03/25/exploiting-cve-2015... Note that the exploitation strategy CORE used leveraged JIT; few systems (with some notable exceptions like librando) acknowledge JIT in their work.

So this technology is out there...
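As an added illustration of what "forward CFI" means in the discussion above (this is example code written for this page, not code from the thread, from the cited papers, or from any browser), the block below shows the core of a forward-edge check: before an indirect call goes through a function pointer, the target is tested for membership in the set of functions that are legitimate for that call site, and the call is refused otherwise. The allow-list table, the `handler_t` type and the `guarded_dispatch` / `corrupted_handler` helpers are all constructed for the example; a compiler-instrumented build emits the equivalent set from the call site's declared type and encodes it so the check costs a few instructions, which is where the low overhead figures in the thread come from.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed example: a forward-edge CFI check on an indirect call.
 * The compiler-instrumented schemes discussed in the thread perform the
 * same membership test, but against tables or bitmaps they emit
 * themselves; this hand-written allow-list stands in for that. */

typedef int (*handler_t)(int);

/* Legitimate targets for a handler_t indirect call. */
static int add_one(int x) { return x + 1; }
static int double_it(int x) { return x * 2; }

/* A function of a different type: never a legitimate handler_t target,
 * so a handler_t call that has been redirected to it must be refused. */
static int subtract(int a, int b) { return a - b; }

/* The allow-list: every function whose address may be a handler_t target.
 * An instrumented build would derive this from the call site's type
 * rather than by hand (assumption of this example). */
static const handler_t valid_targets[] = { add_one, double_it };
#define N_TARGETS (sizeof valid_targets / sizeof valid_targets[0])

/* Number of refused indirect calls, observable by callers and tests. */
int cfi_violations = 0;

/* Forward-edge check: is fp one of the permitted targets? A linear scan
 * is the simplest form; deployed schemes encode the set more compactly. */
static int cfi_check(handler_t fp) {
    for (size_t i = 0; i < N_TARGETS; i++)
        if (valid_targets[i] == fp) return 1;
    return 0;
}

/* Make the indirect call only after the check passes. Returns the
 * handler's result, or -1 and bumps cfi_violations when the target is
 * rejected (a real runtime would abort the process instead). */
int guarded_dispatch(handler_t fp, int arg) {
    if (!cfi_check(fp)) {
        cfi_violations++;
        return -1;
    }
    return fp(arg);
}

/* Stand-in for a function pointer that memory corruption has redirected
 * to a function of the wrong type. */
handler_t corrupted_handler(void) {
    return (handler_t)subtract;
}

int main(void) {
    printf("add_one(5)   -> %d\n", guarded_dispatch(add_one, 5));
    printf("double_it(5) -> %d\n", guarded_dispatch(double_it, 5));
    int r = guarded_dispatch(corrupted_handler(), 5);
    printf("corrupted    -> %d (violations so far: %d)\n", r, cfi_violations);
    return 0;
}
```

The two well-typed calls go through unchanged, while the redirected pointer is caught before the call instruction executes, which is the property that makes code reuse through corrupted function pointers much harder. Backward-edge CFI (protecting return addresses) is a separate mechanism and is not shown here.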



