Hardware-assisted mechanisms to enforce control flow integrity: A comprehensive survey

Abstract

Today, a vast amount of sensitive data worth millions of dollars is processed in untrusted data centers; hence, the confidentiality and integrity of the code and data are of paramount importance. Given the high incentive of mounting a successful attack, the complexity of attack methods has grown rapidly over the years. The attack methods rely on vulnerabilities present in the system to hijack the control flow of a process and use it to either steal sensitive information or degrade the quality of service.To thwart these attacks, the complexity of the defense methods has also increased in tandem. Researchers have explored different methods to ensure the secure execution of an application. The defense methods range from software-only to hardware-only to hybrid defense methods.In this survey, we focus on the relatively new hybrid form of defense methods where software and hardware work in tandem to protect the control flow of applications. We present a novel three-level taxonomy of these defense mechanisms based on first principles and use them to classify existing defense methods. After presenting the taxonomy, we critically analyze the proposed defense methods, study the evolution of the field and outline the challenges for future work.