Abstract

Control-flow integrity (CFI) checks ensure that programs respect their static call-graphs at runtime. A program might violate its call-graph due to malicious attacks such as shell code injection or return-to-libc style exploits. CFI checking can also be beneficial during testing to discover properties of control-flow, as well as at deployment to detect malicious behavior. We present practical aspects of CFI checking, including advantages and disadvantages of the following: how to represent call-graphs, how to instrument CFI checks, and how to refine CFI checks to properties of control-flow. We discuss two implementations: one instrumenting the source code and the other instrumenting the compiler generated assembly, and we describe their performance. Our paper is meant to be a practical guide to CFI monitoring.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call