Thursday, December 11, 2014

New security feature - Control Flow Guard (CFG) - available in Visual Studio 2015 Preview

This blog announced that the Preview for Visual Studio 2015 includes a new, work-in-progress feature, called Control Flow Guard (CFG). 


It says:
"Whilst compiling and linking code, it analyzes and discovers every location that any indirect-call instruction can reach. It builds that knowledge into the binaries (in extra data structures). It also injects a check, before every indirect-call in your code, that ensures the target is one of those expected, safe, locations. If that check fails at runtime, the Operating System closes the program"


I will evaluate this, e.g. performance impact and effectiveness against JOP/ROP attacks, when I'm free, and update this post then :-)
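
The check described in the quoted announcement can be modelled in a few lines of C. This is an added example, not part of the original post and not the Visual Studio or Windows implementation: the target table, the function names and the linear lookup are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*handler_t)(int);

static int handler_double(int x) { return x * 2; }
static int handler_negate(int x) { return -x; }
/* Present in the program, but never a legitimate indirect-call target. */
static int privileged_helper(int x) { return x + 1000; }

/* Stand-in for the "extra data structures" built into the binary:
   the locations that indirect calls are expected to reach. */
static const handler_t valid_targets[] = { handler_double, handler_negate };

/* The injected check: is this address one of the expected locations? */
int cfg_target_is_valid(uintptr_t target) {
    size_t n = sizeof valid_targets / sizeof valid_targets[0];
    for (size_t i = 0; i < n; i++)
        if ((uintptr_t)valid_targets[i] == target)
            return 1;
    return 0;
}

/* Indirect call with the check in front of it. Returns 0 and stores the
   result on success, -1 if the check fails (where the real feature has
   the OS close the program; the model reports an error instead). */
int guarded_call(handler_t fp, int arg, int *result) {
    if (!cfg_target_is_valid((uintptr_t)fp))
        return -1;
    *result = fp(arg);
    return 0;
}

/* Constructed scenario: a function pointer overwritten by a memory bug. */
int demo_corrupted_pointer(void) {
    handler_t fp = handler_double;
    int out = 0;
    fp = privileged_helper;               /* simulated overwrite */
    return guarded_call(fp, 1, &out);
}

int main(void) {
    int out = 0;
    int rc = guarded_call(handler_double, 21, &out);
    printf("expected target:  rc=%d out=%d\n", rc, out);
    printf("corrupted target: rc=%d\n", demo_corrupted_pointer());
    return 0;
}
```

In this model an address in the middle of a listed function is rejected as well, because only the recorded entry points are in the table.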

Update:
MJ0011, "Windows 10 Control Flow Guard Internals"
http://webhard.milkgun.kr/%EC%9E%90%EB%A3%8C/POC%202014/MJ0011%20-%20Windows%2010%20Control%20Flow%20Guard%20Internals.pdf

