An essential step in most software attacks such as buffer overflows is to hijack a victim program’s control flow to jump to malicious code. Control-Flow Integrity (CFI) is effective against such attacks. It inlines checks into a program so that the program’s execution always follows a pre-determined Control-Flow Graph (CFG). In this talk, we present how to extend CFI to protect dynamic code, including dynamically loaded libraries and code that is generated on-the-fly by just-in-time compilation. We discuss how a runtime system is used to dynamically construct and refine the CFG for the protected program as new code is loaded or generated. This talk will focus on challenges and lessons learned in this effort.

Bio:

Dr. Gang Tan is the James F. Will Career Development Associate Professor in Computer Science and Engineering at Pennsylvania State University, PA. He leads the Security of Software (SOS) Lab. His research is at the interface between computer security, programming languages, and formal methods. He received his bachelor’s degree in Computer Science with honors from Tsinghua University in 1999 and his Ph.D. degree from Princeton University in 2005. He has received an NSF CAREER award, two Google Research Awards, and a Francis Upton Graduate Fellowship.

Dr. Gang Tan is the James F. Will Career Development Associate Professor in Computer Science and Engineering at Pennsylvania State University, PA. He leads the Security of Software (SOS) Lab. His research is at the interface between computer security, programming languages, and formal methods. He received his bachelor’s degree in Computer Science with honors from Tsinghua University in 1999 and his Ph.D. degree from Princeton University in 2005. He has received an NSF CAREER award, two Google Research Awards, and a Francis Upton Graduate Fellowship.