Q1. Why can't TypeArmor prevent data-only attacks?
I read some papers about data-only attacks after the presentation. The essence of data-only attacks is modifying data, not control flow, so data-only attacks don't violate control-flow integrity. That means no kind of CFI (including source-level CFI and TypeArmor) can mitigate such attacks. To mitigate this kind of attack, we need another approach, not CFI.
Q2. Why does checking the return type (void or non-void) prevent attacks (especially COOP-like ones)?
A COOP attack consists of an ML gadget (main loop) and other gadgets. COOP is an attack that reads/writes some data or does some arithmetic task while running the ML gadget. So, after doing something, you must get back to the main loop. So the return process is very important in COOP attacks. If we can distinguish some abnormal returns and prevent them, we can break some COOP exploits.
Sorry I'm late; I wasn't sure whether my answer was correct or wrong, so I read more papers and did more googling. If you're not satisfied with my answers, please comment down below.
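To make the Q1 point concrete, here is an added example that is not part of the post above or of the TypeArmor project. It models a data-only attack in C: a session record stores a fixed-size name followed by an `is_admin` flag, and the vulnerable setter bounds the copy by the whole record instead of the name field, so an over-long name spills into the flag. The record layout, the names `set_name_vulnerable`/`set_name_fixed`, the `cfi_target_allowed` policy and the attacker payload are all constructed for the illustration. The indirect call target is never touched, so a CFI-style target check passes in both the vulnerable and the hardened case; only the length check on the data write stops the attack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout (an assumption for this example):
 * bytes[0..15] hold the user name, bytes[16..19] hold is_admin. */
#define NAME_LEN 16
#define RECORD_LEN (NAME_LEN + sizeof(uint32_t))

typedef struct {
    uint8_t bytes[RECORD_LEN];  /* non-control data: name + is_admin flag */
    void (*handler)(void);      /* control data: target of an indirect call */
} session_t;

static void user_handler(void) {}
static void admin_handler(void) {}

/* Hypothetical CFI policy for this callsite: only these two targets are valid. */
static int cfi_target_allowed(void (*target)(void)) {
    return target == user_handler || target == admin_handler;
}

static uint32_t get_is_admin(const session_t *s) {
    uint32_t v;
    memcpy(&v, s->bytes + NAME_LEN, sizeof v);
    return v;
}

static void session_init(session_t *s) {
    memset(s->bytes, 0, RECORD_LEN);   /* name empty, is_admin = 0 */
    s->handler = user_handler;
}

/* Vulnerable: bounds the copy by the record size, so a name longer than
 * NAME_LEN overwrites the adjacent is_admin flag. No pointer is modified. */
static int set_name_vulnerable(session_t *s, const uint8_t *name, size_t len) {
    if (len > RECORD_LEN) return -1;
    memcpy(s->bytes, name, len);
    return 0;
}

/* Hardened: bounds the copy by the name field itself. */
static int set_name_fixed(session_t *s, const uint8_t *name, size_t len) {
    if (len > NAME_LEN) return -1;
    memcpy(s->bytes, name, len);
    return 0;
}

/* Runs the attack against the given setter. Returns the is_admin value the
 * program observes afterwards, or -1 if the CFI check would have blocked the
 * indirect call (it never does here: the target was not modified). */
static int run_scenario(int (*set_name)(session_t *, const uint8_t *, size_t)) {
    session_t s;
    session_init(&s);

    /* Constructed attacker input: 16 filler bytes followed by the native-endian
     * encoding of 1, which lands exactly on the is_admin field. */
    uint8_t payload[RECORD_LEN];
    uint32_t one = 1;
    memset(payload, 'A', NAME_LEN);
    memcpy(payload + NAME_LEN, &one, sizeof one);

    (void)set_name(&s, payload, sizeof payload);

    if (!cfi_target_allowed(s.handler)) return -1;  /* CFI check: passes */
    s.handler();
    return (int)get_is_admin(&s);
}

int main(void) {
    printf("vulnerable setter: is_admin = %d\n", run_scenario(set_name_vulnerable));
    printf("fixed setter:      is_admin = %d\n", run_scenario(set_name_fixed));
    return 0;
}
```

With the vulnerable setter the program ends up with `is_admin == 1` even though every indirect call target it ever used was on the CFI whitelist; the hardened setter rejects the over-long name and the flag stays 0. That is the whole point of Q1: the integrity violation is in data, so a policy that only inspects control transfers has nothing to flag.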