You must login to view this content
You must login to view this content
You must login to view this content
You must login to view this content
Session 13D: Software Security: Code and Compiler
Authors, Creators & Presenters: Nicolas Badoux (EPFL), Flavio Toffalini (Ruhr-Universität Bochum, EPFL), Yuseok Jeon (UNIST), Mathias Payer (EPFL)
PAPER
type++: Prohibiting Type Confusion with Inline Type Information
Type confusion, or bad casting, is a common C++ attack vector. Such vulnerabilities cause a program to interpret an object as belonging to a different type, enabling powerful attacks, like control-flow hijacking. C++ limits runtime checks to polymorphic classes because only those have inline type information. The lack of runtime type information throughout an object's lifetime makes it challenging to enforce continuous checks and thereby prevent type confusion during downcasting. Current solutions either record type information for all objects disjointly, incurring prohibitive runtime overhead, or restrict protection to a fraction of all objects. Our C++ dialect, type++, enforces the paradigm that each allocated object involved in downcasting carries type information throughout its lifetime, ensuring correctness by enabling type checks wherever and whenever necessary. As not just polymorphic objects but all objects are typed, all down-to casts can now be dynamically verified. Compared to existing solutions, our strategy greatly reduces runtime cost and enables type++ usage both during testing and as mitigation. Targeting SPEC CPU2006 and CPU2017, we compile and run 2,040 kLoC, while changing only 314 LoC. To help developers, our static analysis warns where code changes in target programs may be necessary. Running the compiled benchmarks results in negligible performance overhead (1.19% on SPEC CPU2006 and 0.82% on SPEC CPU2017) verifying a total of 90B casts (compared to 3.8B for the state-of-the-art, a 23× improvement). type++ discovers 122 type confusion issues in the SPEC CPU benchmarks among which 62 are new. Targeting Chromium, we change 229 LoC out of 35 MLoC to protect 94.6% of the classes that could be involved in downcasting vulnerabilities, while incurring only 0.98% runtime overhead compared to the baseline.
ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.
Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.
The post NDSS 2025 – type++: Prohibiting Type Confusion With Inline Type Information appeared first on Security Boulevard.
A newly disclosed research finding has revealed that Palo Alto Networks’ Cortex XDR Live Terminal feature can be turned into a command-and-control (C2) channel by attackers. Since this feature runs inside a trusted endpoint detection and response (EDR) agent, the traffic it produces is largely accepted by enterprise security tools, making this a quiet and […]
The post Hackers Can Abuse Cortex XDR Live Terminal Feature for C2 Communications appeared first on Cyber Security News.