• Title/Summary/Keyword: IFCC(Indirect Function Call Checks)

Search Result 1, Processing Time 0.019 seconds

A Study of Attacks to Bypass CFI on Android Application Environment (안드로이드 애플리케이션 환경에서 CFI 우회 공격기법 연구)

  • Lee, Ju-yeop;Choi, Hyoung-kee
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.5
    • /
    • pp.881-893
    • /
    • 2020
  • CFI(Control Flow Integrity) is a mitigation mechanism that protects programs by verifying control flows. IFCC(Indirect Function Call Checks) and SCS(Shadow Call Stack), CFI supported by LLVM Clang compiler, were introduced to protect applications in Android. IFCC protects function calls and SCS protects function returns. In this paper, we propose attacks to bypass CFI on the application environment with IFCC and SCS. Even if IFCC and SCS were applied to user applications, it was confirmed that there were many code segments not protected by IFCC and SCS in the application memory. We execute code in CFI unprotected segments to construct 1) bypassing IFCC to call a protected function, 2) modulating return address via SCS bypass. We identify code segments not protected by IFCC and SCS in Android10 QP1A. 191005.007.A3. We also implement proof-of-concept exploits to demonstrate that modulation of control flow is possible in an environment where IFCC and SCS are applied.