The Efficacy of Forward-Edge Control-Flow Integrity in Mitigating Memory Corruption Vulnerabilities: The Case of the Android Stack
2023 (English) Independent thesis Basic level (degree of Bachelor), 10 credits / 15 HE credits
Student thesis
Abstract [en]
Memory corruption is one of the oldest and most prominent problems in the field of computer security. In order to protect against the vulnerabilities that arise from memory corruption, a mitigation technique called Control-flow Integrity (CFI) was developed. The Android Open Source Project utilizes a specific implementation of the CFI policy called forward-edge CFI in the compilation of the Android system. However, memory corruption vulnerabilities are still a problem for Android systems. This raises the question: Is forward-edge CFI really effective in mitigating memory corruption vulnerabilities?
In this research, the efficacy of forward-edge CFI in terms of mitigating memory corruption vulnerabilities in Android systems is analyzed. This is done by analyzing nine Common Vulnerabilities and Exposures (CVE) in terms of how they can be exploited and whether forward-edge CFI could mitigate them. Additionally, the Android binaries containing the vulnerabilities are analyzed in an attempt to detect the presence of CFI instrumentation.
CFI was detected in one of nine vulnerable Android binaries, implying that there exist memory corruption vulnerabilities that forward-edge CFI definitely cannot protect against. The analysis of nine CVEs showed that five CVEs could be mitigated by forward-edge CFI. These results indicate that forward-edge CFI could definitely mitigate a portion of the memory corruption vulnerabilities plaguing Android systems. However, in order to protect against a greater portion of memory corruption vulnerabilities, forward-edge CFI should be combined with other mitigation techniques such as Shadow Stacks.
Place, publisher, year, edition, pages
2023. p. 25
Series
UMNAD ; 1388
Keywords [en]
control-flow integrity, CFI, control-flow graph, CFG, memory corruption, Android, vulnerability, android vulnerability, computer security
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:umu:diva-209779
OAI: oai:DiVA.org:umu-209779
DiVA, id: diva2:1767281
External cooperation
Omegapoint Group AB
Educational program
Bachelor of Science Programme in Computing Science
Supervisors
Examiners
2023-06-14, 2023-06-14, 2023-06-15. Bibliographically approved