Research on the defense method of vtable hijacking

Wang Zixiang; Shan Chun; Xue Jingfeng; Sun Shiyouhu Changzhen

doi:10.14257/ijsia.2016.10.11.22

Research on the defense method of vtable hijacking

Wang Zixiang^*, Shan Chun, Xue Jingfeng, Sun Shiyouhu Changzhen

^*Corresponding author for this work

School of Computer Science and Technology

Beijing Institute of Technology

Research output: Contribution to journal › Article › peer-review

1 Citation (Scopus)

Abstract

Memory corruption vulnerability is an oldest type of vulnerabilities in software vulnerabilities. Attackers typically use a technique called virtual function table hijacking to exploit memory corruption vulnerability. In this paper, we propose a defense method which extracting virtual function tables and virtual function call related location information from the binary program. Then instrumenting identifier on vtables or backuping the vtables' pointers to detect vtables' integrity. Finally, the defense method is verified by Firefox, Chrome, IE browsers. Experiments show that the method can fully and effectively defend the real-world virtual function table hijacking attack with the small performance overhead and good compatibility.

Original language	English
Pages (from-to)	267-280
Number of pages	14
Journal	International Journal of Security and its Applications
Volume	10
Issue number	11
DOIs	https://doi.org/10.14257/ijsia.2016.10.11.22
Publication status	Published - 2016

Keywords

Memory corruption vulnerability
Software security
Virtual function table hijacking attack

Access to Document

10.14257/ijsia.2016.10.11.22

Cite this

@article{723f7df7e07d45a482f79505178c8003,

title = "Research on the defense method of vtable hijacking",

abstract = "Memory corruption vulnerability is an oldest type of vulnerabilities in software vulnerabilities. Attackers typically use a technique called virtual function table hijacking to exploit memory corruption vulnerability. In this paper, we propose a defense method which extracting virtual function tables and virtual function call related location information from the binary program. Then instrumenting identifier on vtables or backuping the vtables' pointers to detect vtables' integrity. Finally, the defense method is verified by Firefox, Chrome, IE browsers. Experiments show that the method can fully and effectively defend the real-world virtual function table hijacking attack with the small performance overhead and good compatibility.",

keywords = "Memory corruption vulnerability, Software security, Virtual function table hijacking attack",

author = "Wang Zixiang and Shan Chun and Xue Jingfeng and Changzhen, {Sun Shiyouhu}",

note = "Publisher Copyright: {\textcopyright} 2016 SERSC.",

year = "2016",

doi = "10.14257/ijsia.2016.10.11.22",

language = "English",

volume = "10",

pages = "267--280",

journal = "International Journal of Security and its Applications",

issn = "1738-9976",

publisher = "Science and Engineering Research Support Society",

number = "11",

}

TY - JOUR

T1 - Research on the defense method of vtable hijacking

AU - Zixiang, Wang

AU - Chun, Shan

AU - Jingfeng, Xue

AU - Changzhen, Sun Shiyouhu

PY - 2016

Y1 - 2016

N2 - Memory corruption vulnerability is an oldest type of vulnerabilities in software vulnerabilities. Attackers typically use a technique called virtual function table hijacking to exploit memory corruption vulnerability. In this paper, we propose a defense method which extracting virtual function tables and virtual function call related location information from the binary program. Then instrumenting identifier on vtables or backuping the vtables' pointers to detect vtables' integrity. Finally, the defense method is verified by Firefox, Chrome, IE browsers. Experiments show that the method can fully and effectively defend the real-world virtual function table hijacking attack with the small performance overhead and good compatibility.

AB - Memory corruption vulnerability is an oldest type of vulnerabilities in software vulnerabilities. Attackers typically use a technique called virtual function table hijacking to exploit memory corruption vulnerability. In this paper, we propose a defense method which extracting virtual function tables and virtual function call related location information from the binary program. Then instrumenting identifier on vtables or backuping the vtables' pointers to detect vtables' integrity. Finally, the defense method is verified by Firefox, Chrome, IE browsers. Experiments show that the method can fully and effectively defend the real-world virtual function table hijacking attack with the small performance overhead and good compatibility.

KW - Memory corruption vulnerability

KW - Software security

KW - Virtual function table hijacking attack

UR - http://www.scopus.com/inward/record.url?scp=85018212534&partnerID=8YFLogxK

U2 - 10.14257/ijsia.2016.10.11.22

DO - 10.14257/ijsia.2016.10.11.22

M3 - Article

AN - SCOPUS:85018212534

SN - 1738-9976

VL - 10

SP - 267

EP - 280

JO - International Journal of Security and its Applications

JF - International Journal of Security and its Applications

IS - 11

ER -

Research on the defense method of vtable hijacking

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this