<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">2015-09-01 11:38 GMT+08:00 John Criswell <span dir="ltr"><<a href="mailto:jtcriswel@gmail.com" target="_blank">jtcriswel@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><span>
<div>On 8/31/15 10:43 PM, 慕冬亮 via llvm-dev
wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I want to create an experiment to show the
effectiveness of CFI:
<div>For example, </div>
<div>I first need a program with vulnerability so that we can
hijack its control flow;</div>
<div><br>
</div>
<div>then I enforce cfi of llvm and we can't hijack its control
flow.</div>
<div><br>
</div>
<div>Do you have any advice for me?</div>
</div>
</blockquote>
<br></span>
The CFI implementation we updated to work with x86-64 for the KCoFI
project is available at <a href="https://github.com/jtcriswell/SVA" target="_blank">https://github.com/jtcriswell/SVA</a>. You'll
need to create the exploit code (and potentially the vulnerability)
yourself. If you read the literature on CFI and memory safety (some
of which is cataloged at <a href="http://sva.cs.illinois.edu/menagerie" target="_blank">http://sva.cs.illinois.edu/menagerie</a>), you
should be able to find programs and vulnerabilities that have been
used in such experiments.<br>
<br></div></blockquote><div>I think there are lots of program fragments in the literature. Is there any complete program to show that CFI can protect control flow? </div><div>It's just a basic theory display, not an academic paper!</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">
That said, doing an experiment will not show that CFI is effective;
it will only show that CFI stops that one particular attack that you
are demonstrating. While this was done in past research papers, it
was only done because it was one of the few methods of evaluating
CFI available. More recent work is showing the deficiencies of
evaluating CFI in this way (in a nutshell, simple CFI defenses can
be thwarted).<br>
<br>
Determining how to measure the effectiveness of defenses against
code-reuse attacks (such as Return-Oriented programming, Return to
Libc attacks, and Non-Control data attacks) </div></blockquote><div>I don't think Non-Control data attacks are a kind of code-reuse attack. It is better to call them Data-Oriented attacks.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000">is an active area of
research. My students and I are working to devise methods of
evaluating defenses, but as the work is in its very early stages,
that's all I can say about it at present.<br>
<br></div></blockquote><div>This is an interesting topic I think. </div><div>Thank you for your reply. </div><div> - mudongliang</div></div><br></div></div>
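The question in the thread asks for a complete program that shows LLVM's CFI stopping a control-flow hijack. The following is an added example, not code from the thread, from John Criswell, or from the SVA/KCoFI project: a minimal C program whose legitimate indirect calls go through a table of `int (*)(int)` function pointers, plus one path that simulates a corrupted function pointer by redirecting it, through an explicit cast, to a function of a different type. Clang's `-fsanitize=cfi-icall` check enforces exactly this property at every indirect call site (the target must be an address-taken function whose type matches the pointer's type), so it is the property the experiment in the thread wants to demonstrate. The function names, the table and the `--hijack` flag are constructed for this example; no memory-corruption bug is included, the mistyped pointer stands in for whatever corruption an attacker would need to achieve.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Example code added for illustration; names are constructed. */

/* Two legitimate targets: both have the signature the call site expects. */
static int double_it(int x) { return 2 * x; }
static int square_it(int x) { return x * x; }

/* A function whose signature does NOT match the call site's pointer type.
 * It stands in for code an attacker would like to redirect control to. */
static void unexpected_target(void) {
    puts("control flow reached a function of the wrong type (no CFI)");
}

typedef int (*int_op)(int);

/* Dispatch table of well-typed targets. */
static int_op table[] = { double_it, square_it };
#define TABLE_LEN (sizeof(table) / sizeof(table[0]))

/* Legitimate dispatch: bounds-checked index, target type matches int_op. */
int dispatch(int which, int arg) {
    if (which < 0 || (size_t)which >= TABLE_LEN)
        return -1;                 /* reject out-of-range selectors */
    return table[which](arg);      /* indirect call; CFI checks the target type */
}

/* Simulate a corrupted function pointer: fp is typed int(*)(int) but points
 * at a void(void) function. Without CFI the call goes through (undefined
 * behaviour, in practice the wrong function runs). Built with
 * -fsanitize=cfi-icall, clang's check before the indirect call fails and the
 * process traps before unexpected_target ever executes. `volatile` keeps the
 * optimizer from turning the indirect call into a direct one. */
int simulate_hijacked_call(void) {
    volatile int_op fp = (int_op)unexpected_target;
    return fp(7);
}

int main(int argc, char **argv) {
    printf("dispatch(0, 21) = %d\n", dispatch(0, 21));   /* 42 */
    printf("dispatch(1, 6)  = %d\n", dispatch(1, 6));    /* 36 */
    if (argc > 1 && strcmp(argv[1], "--hijack") == 0)
        return simulate_hijacked_call();
    return 0;
}
```

Build it twice. A plain `clang -O1 cfi_demo.c -o demo_nocfi` followed by `./demo_nocfi --hijack` prints the "wrong type" line, showing the mistyped call succeeding. `clang -O1 -flto -fvisibility=hidden -fsanitize=cfi-icall cfi_demo.c -o demo_cfi` (add `-fuse-ld=lld` if the default linker does not support LTO) followed by `./demo_cfi --hijack` stops with an illegal-instruction trap before `unexpected_target` runs, while the legitimate `dispatch` calls still work; adding `-fno-sanitize-trap=cfi-icall` makes the runtime print a diagnostic naming the failed type check instead of trapping. As the reply in the thread notes, this demonstrates that CFI stops this one redirection, not that it defeats every code-reuse or data-oriented attack.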