Control-flow integrity principles, implementations, and applications
@article{Abadi2009ControlflowIP,
title={Control-flow integrity principles, implementations, and applications},
author={Mart{\'i}n Abadi and Mihai Budiu and {\'U}lfar Erlingsson and Jay Ligatti},
journal={ACM Trans. Inf. Syst. Secur.},
year={2009},
volume={13},
pages={4:1-4:40},
url={https://api.semanticscholar.org/CorpusID:207175177}
}

Control-flow integrity provides a useful foundation for enforcing further security policies, as it is demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions.
Topics: Control-Flow Integrity, Shadow Call Stack, Program Shepherding, CFI Enforcement, Static CFG, Inline Reference Monitors, Software Fault Isolation, Stack Canaries, PittSFIeld, Function Returns
923 Citations
Practical Considerations in Control-Flow Integrity Monitoring
- 2011
Computer Science
This paper presents practical aspects of CFI checking, including advantages and disadvantages of the following: how to represent call graphs, how to instrument CFI checks, and how to refine CFI checks to properties of control flow.
Strategy without tactics: Policy-agnostic hardware-enhanced control-flow integrity
- 2016
Computer Science
This paper presents a generic hardware-enhanced CFI scheme that fully supports multi-tasking, shared libraries, prevents various forms of code-reuse attacks, and allows CFI protected code and legacy code to co-exist.
A survey of Hardware-based Control Flow Integrity (CFI)
- 2017
Computer Science, Engineering
This work presents a detailed analysis of the security policies enforced by 21 recent hardware-based CFI architectures to evaluate the security, limitations, hardware cost, performance, and practicality of using these policies.
Principles of Data Flow Integrity: Specification and Enforcement
- 2015
Computer Science
This paper develops a formal foundation on DFI specification, and characteristics of its enforcement techniques with formulations of hypotheses and guarantees that can be used for practical satisfaction of DFI and help establish guarantees in every applied platform.
Precise control flow protection based on source code
- 2012
Computer Science
A new CFI scheme, Source-code CFI (SCFI), is proposed, which provides context-sensitive locking for control flow, protects software against the attacks on the previous CFI and CFL schemes, and improves safety.
Feel Me Flow: A Review of Control-Flow Integrity Methods for User and Kernel Space
- 2016
Computer Science, Engineering
Control-Flow Integrity (CFI) is a defence mechanism to eliminate control-flow hijacking attacks caused by common memory errors, and its security depends on how strictly the CFG is generated and enforced.
Block Oriented Programming: Automating Data-Only Attacks
- 2018
Computer Science
This paper presents BOPC, a mechanism to automatically assess whether an attacker can execute arbitrary code on a binary hardened with CFI/shadow stack defenses, and Block Oriented Programming (BOP), a new code reuse technique that utilizes entire basic blocks as gadgets along valid execution paths in the program, i.e., without violating CFI or shadow stack policies.
Code Tamper-Proofing using Dynamic Canaries
- 2019
Computer Science
This paper presents a novel technique that ensures control-flow integrity using dynamic canaries with a sequence of XOR computations at the call sites and return sites, with a performance overhead of under 5%.
Protecting Legacy Code against Control Hijacking via Execution Location Equivalence Checking
- 2016
Computer Science
The concept of execution location equivalence allows us to precisely detect execution divergence using a diversified control flow model and, consequently, to detect a broad variety of code-reuse attacks.
A case against indirect jumps for secure programs
- 2019
Computer Science
This paper shows that forbidding indirect jumps unlocks a precise CFG extraction for all acceptable programs, and proposes a way to overcome this impossibility result by restricting the instruction set architecture (ISA) semantics.
91 References
Control-Flow Integrity Principles, Implementations, and Applications Martín
- 2005
Computer Science
Control-Flow Integrity provides a useful foundation for enforcing further security policies, as it is demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions.
Control-flow integrity
- 2005
Computer Science
Control-Flow Integrity provides a useful foundation for enforcing further security policies, as it is demonstrated with efficient software implementations of a protected shadow call stack and of access control for memory regions.
A Theory of Secure Control Flow
- 2005
Computer Science
This paper develops the basic theory that underlies two practical techniques for CFI enforcement, with precise formulations of hypotheses and guarantees.
Architectural support for software-based protection
- 2006
Computer Science, Engineering
The first part of this paper shows how modest Instruction Set Architecture (ISA) support can replace such guard code with single instructions for CFI, and presents ISA support for XFI, in the form of simple bounds-check instructions.
Secure program execution via dynamic information flow tracking
- 2004
Computer Science
This work presents a simple architectural mechanism called dynamic information flow tracking that can significantly improve the security of computing systems with negligible performance overhead and is transparent to users or application programmers.
Efficient, Verifiable Binary Sandboxing for a CISC Architecture
- 2005
Computer Science, Engineering
This work presents a novel technique that allows sandboxing to be easily applied to a CISC architecture like the IA-32 and describes a prototype implementation which provides a robust security guarantee, is scalable to programs of any size, and has low runtime overheads.
Secure Execution via Program Shepherding
- 2002
Computer Science
This work introduces program shepherding, a method for monitoring control flow transfers during program execution to enforce a security policy, and implements these capabilities efficiently in a runtime system with minimal or no performance penalties.
The Inlined Reference Monitor Approach to Security Policy Enforcement
- 2004
Computer Science
This dissertation supports the thesis that such Inlined Reference Monitors, or IRMs, offer many advantages and are a practical option in modern systems, and an IRM toolkit for Java is described in detail, using an imperative policy language that allows a security policy to be given in a single complete specification.
Policy-directed code safety
- 2000
Computer Science
Naccio is introduced, a general architecture for constraining the behavior of program executions and how a large class of safety policies can be defined, and results from the experience with the prototype implementations are evaluated.
Transparent runtime randomization for security
- 2003
Computer Science
A large class of security attacks exploit software implementation vulnerabilities such as unchecked buffers. This paper proposes transparent runtime randomization (TRR), a generalized approach for…