Abstract
The performance/security trade-off is widely noticed in CFI research; however, we observe that not every CFI scheme is subject to the trade-off. Motivated by this key observation, we ask three questions: ➊ does the trade-off really exist in different CFI schemes? ➋ if the trade-off does exist, how do previous works comply with it? ➌ how can it inspire future research? Although the three questions probably cannot be directly answered, they are inspiring. We find that a deeper understanding of the nature of the trade-off will help answer the three questions. Accordingly, we propose the GPT conjecture to pinpoint the trade-off in designing CFI schemes, which says that at most two out of three properties (fine granularity, acceptable performance, and preventive protection) could be achieved.
Funder
Army Research Office
National Science Foundation
Publisher
Springer Science and Business Media LLC
Subject
Artificial Intelligence, Computer Networks and Communications, Information Systems, Software