Affiliation:
1. Purdue University
2. University of California, Irvine
3. Paderborn University 8 SBA Research
Abstract
Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today’s systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the intended control flow. Researchers have spent more than a decade studying and refining defenses based on Control-Flow Integrity (CFI); this technique is now integrated into several production compilers. However, so far, no study has systematically compared the various proposed CFI mechanisms nor is there any protocol on how to compare such mechanisms. We compare a broad range of CFI mechanisms using a unified nomenclature based on (i) a qualitative discussion of the conceptual security guarantees, (ii) a quantitative security evaluation, and (iii) an empirical evaluation of their performance in the same test environment. For each mechanism, we evaluate (i) protected types of control-flow transfers and (ii) precision of the protection for forward and backward edges. For open-source, compiler-based implementations, we also evaluate (iii) generated equivalence classes and target sets and (iv) runtime performance.
Funder
Defense Advanced Research Projects Agency
National Science Foundation
COMET K1 of the Austrian Research Promotion Agency
Publisher
Association for Computing Machinery (ACM)
Subject
General Computer Science,Theoretical Computer Science
Cited by
153 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. MAFIA: Protecting the Microarchitecture of Embedded Systems Against Fault Injection Attacks;IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems;2023-12
2. TypeSqueezer: When Static Recovery of Function Signatures for Binary Executables Meets Dynamic Analysis;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15
3. SHERLOC: Secure and Holistic Control-Flow Violation Detection on Embedded Systems;Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security;2023-11-15
4. Hitchhiker's Guide to Secure Checkpointing on Energy-Harvesting Systems;Proceedings of the 11th International Workshop on Energy Harvesting & Energy-Neutral Sensing Systems;2023-11-12
5. Pervasive Micro Information Flow Tracking;IEEE Transactions on Dependable and Secure Computing;2023-11