Feel Me Flow: A Review of Control-Flow Integrity Methods for User and Kernel Space
- Irene Díez-Franco (1)
- Igor Santos (1)
(1) Universidad de Deusto
- Manuel Graña (coord.)
- José Manuel López-Guede (coord.)
- Oier Etxaniz (coord.)
- Álvaro Herrero (coord.)
- Héctor Quintián (coord.)
- Emilio Corchado (coord.)
Publisher: Springer Switzerland
ISBN: 978-3-319-47364-2, 3-319-47364-6, 978-3-319-47363-5, 3-319-47363-8
Year of publication: 2017
Pages: 477-486
Congress: International Conference on Computational Intelligence in Security for Information Systems (9. 2016. San Sebastián)
Type: Conference paper
Abstract
Attackers have evolved classic code-injection attacks, such as those enabled by buffer overflows, into sophisticated Turing-complete code-reuse attacks. Control-Flow Integrity (CFI) is a defence mechanism that eliminates control-flow hijacking attacks caused by common memory errors. CFI relies on static analysis to build a program's control-flow graph (CFG); at runtime it then ensures that the program only follows paths permitted by that graph. Consequently, when an attacker tries to divert execution to malicious shellcode, CFI detects the unintended path and aborts execution. Because CFI depends heavily on static analysis for accurate generation of the control-flow graph, its security guarantees are determined by how precisely the CFG is generated and how strictly it is enforced. This paper reviews the CFI schemes proposed over the last ten years and assesses their security guarantees against advanced exploitation techniques.