Software Exploitation and Software Protection Measures Enhancing Software Protection via Inter-Process Control Flow Integrity
Authors: Oyinloye, Toyosi A.
Abstract: Computer technologies hinge on the effective functionality of the software component. Unfortunately, software code may have flaws that leave it vulnerable and exploitable by attackers. Software exploitation could involve a hijack of the application and a deviation of the flow of its execution. Whenever this occurs, the integrity of the software and the underlying system could be compromised. For this reason, there is a need to continually develop resilient software protection tools and techniques. This report details an in-depth study of software exploitation and software protection measures. Efforts in the research were geared towards finding new protection tools for vulnerable software. The main focus of the study is the problem of Control Flow Hijacks (CFH) against vulnerable software, particularly software that was built and executed on the RISC-V architecture. The threat models addressed are buffer overflow, stack overflow, return-to-libc, and Return Oriented Programming (ROP). Whilst the primary focus for developing the new protection was on RISC-V-based binaries, programs built on the more widespread x86 architecture were also explored comparatively in the course of this study. The concept of Control Flow Integrity (CFI) was explored in the study, and a proof-of-concept for mitigating ROP attacks that result in Denial of Service (DoS) is presented. The concept of CFI involves the enforcement of the intended flow of execution of a vulnerable program. The novel protection is based on the CFI concept combined with inter-process signalling, and is named Inter-Process Control Flow Integrity (IP-CFI). This technique is orthogonal to well-practised software maintenance such as patching and updates, and is complementary to it, providing integrity regardless of the exploitation path or vector.
In evaluating the tool, it was applied to vulnerable programs and found to promptly identify deviations when ROP attacks lead to DoS, with an average runtime overhead of 0.95%. The system on which the software is embedded is also protected as a result of the watchdog in IP-CFI, where this kind of attack would otherwise have progressed unnoticed. Unlike previous CFI models, IP-CFI extends protection outside the vulnerable program by setting up a mutual collaboration between the protected program and a newly written monitoring program. Products derived in this study are software tools in the form of various Linux scripts that can be used to automate several functionalities, two RISC-V ROP gadget finders (RETGadgets and JALRGadget), and the software protection tool IP-CFI. In this report, software is also referred to as binary, executable, application, program or process.
Citation: Oyinloye, Toyosi A. (2023). Software Exploitation and Software Protection Measures Enhancing Software Protection via Inter-Process Control Flow Integrity [Unpublished doctoral thesis]. University of Chester.
Publisher: University of Chester
Type: Thesis or dissertation
The following license files are associated with this item:
- Creative Commons
Except where otherwise noted, this item's license is described as Attribution-NonCommercial-NoDerivatives 4.0 International
Related items (by title, author, creator and subject):
Towards Organisational Learning Enhancement: Assessing Software Engineering Practice. Fannoun, Sufian; Kerins, John; University of Chester (Emerald, 2018-12-17). Purpose – Issues surrounding knowledge management, knowledge transfer and learning within organisations challenge continuity and resilience in the face of changing environments. While initiatives are principally applied within large organisations, there is scope to assess how the processes are handled within small and medium enterprises (SMEs) and to consider how they might be enhanced. This paper presents an evaluation of practice within an evolving software development unit to determine what has been learned and how the knowledge acquired has been utilised to further organisational development. These results provide the basis for the design and implementation of a proposed support tool to enhance professional practice. Design/methodology/approach – A small software development unit, which has successfully delivered bespoke systems since its establishment a number of years ago, was selected for analysis. The unit operates as a team whose actions and behaviours were identified and validated by the following means: in-depth interviews were carried out with each member of the team to elicit an understanding of individual and collective development. Interview data were recorded, transcribed and subjected to qualitative analysis to identify key themes underpinning knowledge acquisition and utilisation. Samples of project documentation were scrutinised to corroborate the interview data. After analysing the data, a focus-group meeting was held to validate the results and to generate further insights into learning within the team. Findings – Qualitative analysis of the data revealed key changes in thinking and practice within the team, as well as insight into the development of individual and collective contextual knowledge, tacit understanding and learning.
This analysis informed the proposal of a bespoke, lightweight, web-based system to support knowledge capture and organisational learning (OL). This approach has the potential to promote resilience and to enhance practice in similar small or start-up enterprises. Research limitations/implications – Purposeful sampling was used in selecting a small software development team. This enabled in-depth interviewing of all members of the team. This offered a rich environment from which to derive awareness and understanding of individual and collective knowledge acquisition and learning. Focusing on a single small enterprise limits the extent to which the findings can be generalised. However, the research provides evidence of effective practice and learning and has identified themes for the development of a support tool. This approach can be extended to similar domains to advance research into learning and development. Practical implications – Results of the work undertaken so far have generated promising foundations for the proposed support tool. This offers software developers a system within which they can reflect upon, and record, key learning events affecting technical, managerial and professional practice. Originality/value – Small enterprises have limited resources to support OL. The qualitative research undertaken so far has yielded valuable insight into the successful development of a single software development team. The construction of a support tool to enhance knowledge acquisition and learning has the capacity to consolidate valuable, and potentially scarce, expertise. It also has the potential to facilitate further research to determine how the prototype might be extended or revised to improve its contribution to the team’s development.
Towards Effective Project Management and Knowledge Transfer Enhancement: A Novel System Capturing and Modelling Knowledge Acquired in a Software Development Practice. Kerins, John; Rayner, Linda; John, Nigel; Fannoun, Sufian (University of Chester, 2021-03). The practice of software project management evolves alongside emerging new technologies, such as advances in new tools and resources in Application Programming Interfaces (APIs) and machine learning applications. This thesis evaluates the ways in which a small software development unit, characteristic of other small enterprises, has embraced emerging trends in the development of digital technologies in order to establish and maintain successful practice. A qualitative research approach was adopted to elicit an understanding of the critical knowledge acquired as the unit developed and its members became effective practitioners. The research identifies and analyses the acquired knowledge that underpins successful practice, and uses the results of this analysis to propose a support system to enhance future practice. This is a challenge, as there is limited evidence of Small and Medium Enterprises (SMEs) engaging in knowledge management (KM) or in organisational learning (OL) initiatives. In developing projects, smaller software development organisations rely on implicit knowledge and Agile to resolve complexity. Consequently, and specifically in a small business, the development of this bespoke system represents a novel approach to KM and OL. Projects were identified as the key sources and locus of development, innovation, knowledge, skills, know-how and learning within the unit. This outcome has reinforced the proposal for a links-based system built around individual projects. As described in Chapter Nine, the system is a web-based repository of project templates.
The templates capture key insights into critical decisions and significant advances in current practice that arise from work within individual projects. The proposed system captures the unit’s knowledge. In addition, it provides an accessible resource that not only supports critical reflection and decision making but also retains key aspects of organisational learning (OL) and know-how. Further, while complementing continuing implicit learning, it has the further benefit of maintaining organisational resilience where individuals’ skills may be lost or where the unit faces high staff turnover. Moreover, the system can serve to induct newcomers to the unit. Accordingly, for a small software development unit with no prior knowledge management initiative or system in place, the research’s immediate contribution is through modelling, capturing and representing the acquired knowledge. This thesis provides insights into the management of software project knowledge through web technology. The prototype was successfully designed, implemented, evaluated and made available to the research unit working group. Such a system provides an effective measure for application at organisational and project levels, the evaluation of practice and the reuse of project knowledge to improve performance and effective practice. A further contribution made by this research is in revealing the range of the acquired knowledge, the know-how and the soft skills that complement the technical skills of software development within the research unit. The set of know-how and soft skills could be valuable where measures for effective professional practice are required. The analysed data revealed the range of capabilities the members developed to enable the application of implicit knowledge. Such insights, perceptions, and understanding enabled them to engage with clients, as well as manage risks and changes, assist key business processes and, importantly, deliver projects successfully. 
These skills contribute to the members’ individual professional development and capabilities. These might be termed Confidence, Relationships, Communication and Self-Management, Cooperation and Teamwork. Similarly, the research revealed the range of Know-How the members have developed. This range includes Understanding of Business Processes, Experimentation and Problem Solving, Reusing of Project Knowledge, Establishing and Maintaining Quality, Project Time Estimates, and Learning from Project Failure. The thesis also highlights the additional range of critical knowledge encapsulated within projects. This knowledge specifically relates to Business Processes, Business Domains, Client and Working Environment. Such contextual implicit knowledge is part of the critical knowledge the practitioners acquired. Consequently, a model of successful practice within the unit was built upon facets of this salient knowledge. An evaluation provided feedback on the system and assessed its suitability for the research unit. The unit members were satisfied with how the prototype restricted the key elements related to their knowledge and practice without duplicating information, and acknowledged that it was the knowledge management system that best suits their needs. A focus group meeting with another similar software development unit highlighted and validated commonalities and differences in experience and in the nature of the individual organisations. The findings suggest that the proposed approach to recognising and utilising knowledge for transfer, reuse and consolidating effective practice is potentially extendable to similar domains. Continued research would explore the wider generalisability of this approach. Further research would explore extensions or revisions of the prototype that might further clarify the benefits and limitations of such an approach, as well as providing a model for knowledge management in similar small-scale environments.
This research might also serve as a template or road map for the implementation of KM initiatives elsewhere, such as start-up companies where there is a lack of software development expertise. Furthermore, the proposed system could serve as a model for the development of comparable systems in organisations where projects form the core of their work.
Watchdog Monitoring for Detecting and Handling of Control Flow Hijack on RISC-V-based Binaries. Oyinloye, Toyosi; Speakman, Lee; Eze, Thaddeus; O'Mahony, Lucas; University of Chester; University of Salford (SAI Organization, 2022-08-31). Control flow hijacking has been a major challenge in software security. Several means of protection have been developed, but insecurities persist. This is because existing protections have sometimes been circumvented, while some resilient protections do not cover all applications. Studies have revealed that a holistic way of tackling software insecurity could involve watchdog monitoring and detection via Control Flow Integrity (CFI). The CFI concept has shown a good measure of reliability in mitigating control flow hijacking. However, sophisticated attack techniques in the form of Return Oriented Programming (ROP) have persisted. A flexible protection is desirable, one which not only covers as many architectures as possible but also mitigates known resilient attacks like ROP. The solution proffered here is a hybrid of CFI and watchdog timing via inter-process signaling (IP-CFI). It is a software-based protection that involves recompilation of the target program. The implementation here is on a vulnerable RISC-V-based process, but it is flexible and could be adapted to other architectures. We present a proof of concept of IP-CFI which, when applied to a vulnerable program, mitigates ROP. The target program incurs a run-time overhead of 1.5%. The code is available.