Sarwar Sayeed
Control-Flow Integrity: Attacks and Protections
Sayeed, Sarwar; Marco-Gisbert, Hector; Ripoll, Ismael; Birch, Miriam
Authors
Hector Marco-Gisbert
Ismael Ripoll
Miriam Birch
Abstract
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corruption vulnerabilities are still a major security threat. Consequently, control-flow integrity has received significant attention from the research community and software developers as a way to combat control code execution attacks in the presence of this type of fault. Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by a malicious attacker. In this paper, we assess the effectiveness of 14 CFI techniques against the most popular exploitation techniques, including code reuse attacks, return-to-user, return-to-libc, and replay attacks. We also classify these techniques based on their security, robustness, and implementation complexity. Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation. We conclude that the performance overhead introduced, jointly with the partial attack coverage, is discouraging the industry from adopting most of them.
Citation
Sayeed, S., Marco-Gisbert, H., Ripoll, I., & Birch, M. (2019). Control-Flow Integrity: Attacks and Protections. Applied Sciences, 9(20), Article 4229. https://doi.org/10.3390/app9204229
Journal Article Type | Article |
---|---|
Acceptance Date | Oct 3, 2019 |
Online Publication Date | Oct 10, 2019 |
Publication Date | 2019 |
Deposit Date | Feb 1, 2022 |
Publicly Available Date | Feb 1, 2022 |
Journal | Applied Sciences |
Electronic ISSN | 2076-3417 |
Publisher | MDPI |
Peer Reviewed | Peer Reviewed |
Volume | 9 |
Issue | 20 |
Article Number | 4229 |
DOI | https://doi.org/10.3390/app9204229 |
Keywords | CFI protections; CFI attacks; memory errors; security; exploitation |
Public URL | http://researchrepository.napier.ac.uk/Output/2839025 |
Publisher Licence URL
http://creativecommons.org/licenses/by/4.0/