Control-Flow Integrity: Attacks and Protections

1 School of Computing, Engineering and Physical Sciences, University of the West of Scotland, High Street, Paisley PA1 2BE, UK
2 Department of Computing Engineering, Universitat Politècnica de València, Camino de Vera s/n, 46022 Valencia, Spain
* Author to whom correspondence should be addressed.
Appl. Sci. 2019, 9(20), 4229; https://doi.org/10.3390/app9204229
Received: 23 August 2019 / Revised: 1 October 2019 / Accepted: 3 October 2019 / Published: 10 October 2019
Despite intense efforts to prevent programmers from writing code with memory errors, memory corruption vulnerabilities are still a major security threat. Consequently, control-flow integrity has received significant attention from the research community and software developers as a way to combat attacks that take control of code execution in the presence of this type of fault. Control-Flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques, including code reuse attacks, return-to-user, return-to-libc, and replay attacks. We also classify these techniques based on their security, robustness, and implementation complexity. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. We conclude that the performance overhead introduced, together with the partial attack coverage, is discouraging the industry from adopting most of them.
Keywords: CFI protections; CFI attacks; memory errors; security; exploitation

MDPI and ACS Style

Sayeed, S.; Marco-Gisbert, H.; Ripoll, I.; Birch, M. Control-Flow Integrity: Attacks and Protections. Appl. Sci. 2019, 9, 4229.
