Date of Award
Fall 11-2023
Document Type
Dissertation
Degree Name
Doctor of Philosophy in Computer Science (PHDCS)
Department
Computer Science
First Advisor
Kyle Cronin
Second Advisor
Tyler Flaagan
Third Advisor
TJ O'Connor
Abstract
Over the years, code reuse attacks such as return-oriented programming (ROP) and jump-oriented programming (JOP) have been a primary means of gaining execution on a system via buffer overflow, memory corruption, and code flow hijacking vulnerabilities. However, new CPU-level protections have introduced a variety of hurdles. ARM has designed the “Pointer Authentication” and “Branch Target Identification” mechanisms to handle the authentication of memory addresses and pointers, and Intel has followed through with its Shadow Stack and Indirect Branch Targeting mechanisms, otherwise known as Control-Flow Enforcement Technology. As intended, these protections make it nearly impossible to utilize regular code reuse methods such as ROP and JOP.
The inclusion of these new protections has left gaps in the system's security where the use of function-based code reuse attacks is still possible. This research demonstrates a novel approach that uses Function-Oriented Programming (FOP) as a technique in such environments. The design and creation of the “FOP Mythoclast” tool to identify FOP gadgets within Intel and ARM environments demonstrates not only a proof of concept (PoC) for FOP, but further cements its ability to thrive in diverse constrained environments. Additionally, the demonstration of FOP within the Linux kernel showcases the ability of FOP to excel in complex and real-world situations. This research concludes with potential solutions for mitigating FOP without adversely affecting system performance.
Recommended Citation
Stratton, Logan, "Bypassing Modern CPU Protections With Function-Oriented Programming" (2023). Masters Theses & Doctoral Dissertations. 433.
https://scholar.dsu.edu/theses/433