Danfeng (Daphne) Yao

Abstract

Data-oriented attacks manipulate non-control data to alter a program’s benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow defense mechanisms. However, these threats have not been adequately addressed. In this survey article, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and Block-Oriented Programming (BOP) attacks, to their assumptions/requirements and attack capabilities. Then, we compare known defenses against these attacks, in terms of approach, detection capabilities, overhead, and compatibility. It is generally believed that control flows may not be useful for data-oriented security. However, data-oriented attacks (especially DOP attacks) may generate side effects on control-flow behaviors in multiple dimensions (i.e., incompatible branch behaviors and frequency anomalies). We also characterize control-flow anomalies caused by data-oriented attacks. In the end, we discuss challenges for building deployable data-oriented defenses and open research questions.

People

Danfeng (Daphne) Yao


Publication Details

Date of publication:
September 2, 2021
Journal:
ACM Transactions on Privacy and Security
Page number(s):
1-36
Volume:
24
Issue Number:
Issue 4: Article No. 26
Publication note:

Long Cheng, Ke Tian, Danfeng Daphne Yao, Lui Sha, Raheem A. Beyah: Checking is Believing: Event-Aware Program Anomaly Detection in Cyber-Physical Systems. IEEE Trans. Dependable Secur. Comput. 18(2): 825-842 (2021)