Lost Control: Breaking Hardware-Assisted Kernel Control-Flow Integrity with Page-Oriented Programming
Breach kernel control-flow integrity using page-oriented programming, a technique that can bypass hardware-assisted enforcement of strong control-flow policies.
- The presenters demonstrate breaking hardware-assisted kernel control-flow integrity using page-oriented programming.
- Hardware-assisted control flow integrity (CFI) enforces strong CFI policies using Intel’s CET and Microsoft’s CFG, but page-oriented programming (POP) can bypass this enforcement.
- POP uses page-level gadgets and remapping to create new control flows under CFI enforcement.
- Hardware-based CFI focuses on indirect branches, while software-based CFI ensures non-write-over code, but POP exploits weaknesses in both.
- POP relies on existing kernel vulnerabilities, such as memory read and write primitives, to chain gadgets and system cores.
- Page-oriented programming can make new control flows under CFI enforcement, enabling unauthorized code modification and injection.
- The hypervisor non-write-over code mechanism and hardware-assisted CFI are effective in preventing unauthorized code modification and injection, but can be bypassed using POP.
- The presentation highlights the importance of understanding page-oriented programming in order to break hardware-assisted kernel control flow integrity.