@inproceedings{bf189fb1b15d420f938e989564dfed91,
title = "Dynamic Binary Instrumentation Based Defense Solution against Virtual Function Table Hijacking Attacks at C++ Binary Programs",
abstract = "Memory corruption bugs are one of the most critical vulnerabilities in software security, which can be exploited to overwrite virtual tables (vtables) or virtual table pointers (vfptrs) and finally gain control over the programs at virtual function call sites (vtable hijacking). In this paper, we propose a novel approach to detect vtable hijacking attacks against C++ binary executables. We first analyze the programs to get vtable information of each class, and backup the original vtables and vfptrs at runtime, then instrument security checks dynamically before virtual function dispatches to validate vtables' integrity. We implement the proposed approach as a tool and use it to successfully detect vtable hijacking attacks on the version 11 of Microsoft's Internet Explorer.",
keywords = "C++ binary executable, Internet Explorer, dynamic binary instrumentation, virtual function table hijacking",
author = "Yong Wang and Ming Li and Hailin Yan and Zhenyan Liu and Jingfeng Xue and Changzhen Hu",
note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, 3PGCIC 2015 ; Conference date: 04-11-2015 Through 06-11-2015",
year = "2015",
doi = "10.1109/3PGCIC.2015.102",
language = "English",
series = "Proceedings - 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, 3PGCIC 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "430--434",
editor = "Fabrizio Messina and Fatos Xhafa and Ogiela, {Marek R.} and Leonard Barolli",
booktitle = "Proceedings - 2015 10th International Conference on P2P, Parallel, Grid, Cloud and Internet Computing, 3PGCIC 2015",
address = "United States",
}