Ancile: Attack Surface Reduction Through Application Specialization
Primary Investigator:
Mathias Payer
Nathan Burow
Abstract
Control-Flow Hijacking (CFH), and in particular code-reuse attacks, remains the most common attack vector against C/C++ programs. I present Ancile, which implements the required functionality analysis and achieves a significantly smaller subset of functions by specializing the code. This makes security-critical functions more difficult for attackers to reach, substantially raising the bar for CFH attacks. I believe that automatically specializing code for a particular usage scenario is a promising new technique for software security, and one that can achieve greater security than static analysis without requiring extra system resources.