Page-Oriented Programming: Subverting Control-Flow Integrity of Commodity Operating System Kernels with Non-Writable Code Pages
Seunghun Han, Seong-Joong Kim, Jae-Cheol Ryou
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
Kernel integrity remains a central concern in the contest between attackers and defenders. This talk, "Page-Oriented Programming: Subverting Control-Flow Integrity of Commodity Operating System Kernels with Non-Writable Code Pages," presented by Seunghun Han with his colleagues Seong-Joong Kim and Jae-Cheol Ryou at USENIX Security '24, introduces an attack technique called **Page-Oriented Programming (PoP)**. PoP revisits traditional page mapping attacks and shows that they can bypass state-of-the-art **Control-Flow Integrity (CFI)** implementations, including those backed by hardware-assisted mechanisms such as Intel Control-flow Enforcement Technology (CET), without ever writing to a code page.
AI review
This research introduces Page-Oriented Programming (PoP), a novel and technically sophisticated attack that bypasses state-of-the-art kernel CFI, including hardware-assisted mechanisms like Intel CET. By manipulating page tables to remap non-writable code pages, PoP demonstrates a critical architectural blind spot, enabling arbitrary control flow without direct code modification. The work provides a stark reminder that even robust defenses can be undermined by clever exploitation of underlying memory translation layers.
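The blind spot described in the abstract and the review above, modelled in a few lines as an added illustration (this is not the paper's or the authors' code; the page-table layout, the three checks and the sample bytes are all assumptions): CFI validates the virtual target address and W^X validates page flags, so neither notices when a non-writable, executable page is backed by a different physical frame, whereas a defender's boot-time measurement of which frame backs each code page does.

```python
"""Toy model: checks that look only at virtual addresses and page
permissions cannot see a code page remapped to another physical frame.
Added illustration; layout, checks and sample bytes are assumptions."""
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class PTE:
    frame: int        # physical frame backing this virtual page
    writable: bool
    executable: bool

# Constructed sample: physical frames and the page table as measured at boot.
PHYS_MEM = {0x10: b"legit_handler", 0x11: b"other_code", 0x20: b"data"}
BOOT_PT = {
    0xFFFF0000: PTE(0x10, writable=False, executable=True),
    0xFFFF1000: PTE(0x11, writable=False, executable=True),
    0xFFFF2000: PTE(0x20, writable=True, executable=False),
}
CFI_TARGETS = {0xFFFF0000}  # valid indirect-call targets, by virtual address

def cfi_allows(target_va):
    """CFI decides on the virtual address alone."""
    return target_va in CFI_TARGETS

def wx_ok(pt):
    """W^X-style permission check: no page is both writable and executable."""
    return not any(p.writable and p.executable for p in pt.values())

def fetch(pt, va):
    """Bytes the CPU would actually execute at va: contents of the backing frame."""
    return PHYS_MEM[pt[va].frame]

def code_frame_baseline(pt):
    """Defender measurement: the frame backing every executable page at boot."""
    return {va: p.frame for va, p in pt.items() if p.executable}

def remapped_code_pages(pt, baseline):
    """Executable pages whose backing frame no longer matches the baseline."""
    return sorted(va for va, p in pt.items()
                  if p.executable and baseline.get(va) != p.frame)

def remap(pt, va, new_frame):
    """Change only the frame of an existing PTE; the flags stay non-writable."""
    return {**pt, va: replace(pt[va], frame=new_frame)}

if __name__ == "__main__":
    baseline = code_frame_baseline(BOOT_PT)
    pt2 = remap(BOOT_PT, 0xFFFF0000, 0x11)
    print(cfi_allows(0xFFFF0000), wx_ok(pt2))   # True True: both checks still pass
    print(fetch(pt2, 0xFFFF0000))               # b'other_code': different code runs
    print([hex(v) for v in remapped_code_pages(pt2, baseline)])  # ['0xffff0000']
```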