Control-flow integrity

Control-flow integrity (CFI) is a general term for computer security techniques that prevent a wide variety of malware attacks from redirecting the flow of execution of a program. Associated techniques include Code-Pointer Separation (CPS), Code-Pointer Integrity (CPI), stack canaries, shadow stacks, and vtable pointer verification.[1][2][3]

Related implementations are available in Clang,[4] Microsoft's Control Flow Guard,[5][6][7][8] Google's Indirect Function-Call Checks[9] and Reuse Attack Protector (RAP).[10][11]
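
The following is an added illustration, not part of the original article and not code from any of the implementations named above. It is a simplified, hand-written model of a check on an indirect call: the call goes through only if the function pointer is in the set of targets intended for that call site. All function and variable names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_t)(int);

/* Hypothetical handlers: the only functions this call site should reach. */
static int op_double(int x) { return x * 2; }
static int op_negate(int x) { return -x; }

/* Same type signature, but never meant to be called indirectly. */
static int privileged_reset(int x) { (void)x; return 9999; }

/* Set of legitimate targets for the indirect call below. */
static const handler_t valid_targets[] = { op_double, op_negate };

static int target_is_valid(handler_t fp) {
    size_t n = sizeof valid_targets / sizeof valid_targets[0];
    for (size_t i = 0; i < n; i++)
        if (valid_targets[i] == fp)
            return 1;
    return 0;
}

/* Checked indirect call: returns 0 and stores the result in *out,
 * or returns -1 without transferring control when fp is not a
 * legitimate target. This sketch reports the failure to the caller
 * so that it can be tested. */
int checked_call(handler_t fp, int arg, int *out) {
    if (!target_is_valid(fp))
        return -1;
    *out = fp(arg);
    return 0;
}

int main(void) {
    int r = 0;
    handler_t slot = op_double;
    int rc = checked_call(slot, 21, &r);
    printf("intended target:   rc=%d result=%d\n", rc, r);

    slot = privileged_reset; /* stands in for a corrupted code pointer */
    rc = checked_call(slot, 21, &r);
    printf("unexpected target: rc=%d (call refused)\n", rc);
    return 0;
}
```

The pointer assignment in `main` only simulates a corrupted code pointer; the point is that the check rejects a target with a matching signature that was never intended for this call site.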

References

  1. Payer, Mathias; Kuznetsov, Volodymyr. "On differences between the CFI, CPS, and CPI properties". nebelwelt.net. Retrieved 2016-06-01.
  2. "Adobe Flash Bug Discovery Leads To New Attack Mitigation Method". Dark Reading. Retrieved 2016-06-01.
  3. Endgame. "Endgame to Present at Black Hat USA 2016". www.prnewswire.com. Retrieved 2016-06-01.
  4. "Control Flow Integrity — Clang 3.9 documentation". clang.llvm.org. Retrieved 2016-06-01.
  5. "Microsoft's malware mitigator refreshed, but even Redmond says it's no longer needed". Retrieved 2016-06-01.
  6. "Bypass Developed for Microsoft Memory Protection, Control Flow Guard". Threatpost. 2015-09-22. Retrieved 2016-06-01.
  7. Smith, Ms. "DerbyCon: Former BlueHat prize winner will bypass Control Flow Guard in Windows 10". Network World. Retrieved 2016-06-01.
  8. "Bypass Developed for Microsoft Memory Protection, Control Flow Guard". Threatpost. 2015-09-22. Retrieved 2016-06-01.
  9. Tice, Caroline; Roeder, Tom; Collingbourne, Peter; Checkoway, Stephen; Erlingsson, Úlfar; Lozano, Luis; Pike, Geoff (2014-01-01). "Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM".
  10. Security, heise. "PaX Team stellt Schutz vor Code Reuse Exploits vor". Security (in German). Retrieved 2016-06-01.
  11. "Frequently Asked Questions About RAP". Retrieved 2016-06-01.


This article is issued from Wikipedia - version of the 7/21/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.