SAFEDISPATCH: Securing C++ Virtual Calls from Memory Corruption Attacks

Author(s): Dongseok Jang, Zachary Tatlock, Sorin Lerner

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014

Abstract:

We present SafeDispatch, a defense to prevent C++ vtable hijacking attacks that take over the control flow of a program via corrupted vtable pointers. SafeDispatch inserts dynamic checks to ensure that virtual call targets are type-safe based on class-hierarchy information. Chromium hardened with SafeDispatch has 2.1% runtime overhead after optimizations.