2017
DOI: 10.1145/3054924

Control-Flow Integrity

Abstract: Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today’s systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the intended control flow. Researchers have spent more than a decade studying and refining defenses based on Control-Flow Integrity (CFI); this technique is now integrated into several production compilers. However, so far, no study has systematically compared the various proposed C…

Cited by 179 publications (30 citation statements)
References 56 publications
“…Such protections take many forms, including duplicated execution or tracking the effective flow in auxiliary counters, taint detection variables, trackers, etc. [16]. Compiler optimizations transform the control flow without any knowledge of the implicit link between the protection code and what underlying mechanisms it is meant to track.…”
Section: Context and Related Work (mentioning; confidence: 99%)
“…In general, the link between such smart functional encoding and the related assumptions on the execution cannot be made explicit, given the semantic abstraction gap between source and machine code. These encodings are also as diverse as the (approximate) models of the machine state and transitions instrumented by control flow integrity countermeasures [16]. We are thus looking for a generic solution rather than property- or optimization-specific ones.…”
Section: Introduction (mentioning; confidence: 99%)
“…According to Niu et al. [44], bin-CFI permits a function to return to every viable return address; hence, the accuracy of this CFI is fragile to Return-Oriented Programming (ROP)-based attacks. AIR is not a very suitable metric while considering it from a security perspective [57]. Two main reasons are: first, every CFI mechanism produces similar AIR numbers; hence, making the AIR improper when compared with other CFI mechanisms.…”
Section: CFI for COTS Binaries (bin-CFI) (mentioning; confidence: 99%)
“…Statically computed CFG does not produce a proper result, and various experiments prove that DEP is bypassable. PICFI only relies on underlying static analysis and can be affected by label creep by obtaining a vast number of labels from CFG [57].…”
Section: Per-Input CFI (PICFI) (mentioning; confidence: 99%)
“…CFI has an extensive literature. A recent review has been published by Burow et al. [4]. Most CFI solutions try to verify that jumps can only reach legitimate addresses (forward edges).…”
Section: Control Flow Integrity (mentioning; confidence: 99%)