Abstract
Control-Flow Integrity (CFI) means that the execution of a program dynamically follows only certain paths, in accordance with a static policy. CFI can prevent attacks that, by exploiting buffer overflows and other vulnerabilities, attempt to control program behavior. This paper develops the basic theory that underlies two practical techniques for CFI enforcement, with precise formulations of hypotheses and guarantees.
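The enforcement idea the abstract describes, as an added example that is not code from the paper: a static policy (here, a table of the targets the control-flow graph permits for one indirect-call site) and a run-time check against it immediately before the indirect transfer. The function names, the `request` layout and the `cfi_target_allowed` check are hypothetical constructions for this illustration; in the inlined scheme the policy is encoded as labels on the targets rather than a lookup table, and the example assumes, as any such scheme must, that neither the code nor the policy table can be modified at run time.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef int (*handler_fn)(int, int);

/* Legitimate handlers: the static policy lets the dispatch site call these two. */
static int handler_add(int a, int b) { return a + b; }
static int handler_sub(int a, int b) { return a - b; }

/* Exists in the binary but is not a permitted target of the dispatch site. */
static int privileged_op(int a, int b) { (void)a; (void)b; return 0x1337; }

/* Static policy for the single indirect-call site in dispatch(): the set of
   targets the control-flow graph permits. Inlined CFI encodes this as a label
   on each target that the call site compares against; this table plays the
   same role. Assumption of the example: the table, like the code, is
   immutable at run time. */
static const handler_fn DISPATCH_TARGETS[] = { handler_add, handler_sub };

enum cfi_status { CFI_OK = 0, CFI_VIOLATION = 1 };

/* Run-time check done immediately before the indirect call. */
static bool cfi_target_allowed(handler_fn target) {
    for (size_t i = 0; i < sizeof DISPATCH_TARGETS / sizeof DISPATCH_TARGETS[0]; i++) {
        if (DISPATCH_TARGETS[i] == target) {
            return true;
        }
    }
    return false;
}

/* A fixed buffer followed by a function pointer: the layout in which an
   unchecked copy into `name` runs over `handler`. */
struct request {
    char name[16];
    handler_fn handler;
};

/* The indirect-call site, with (checked) or without (unchecked) CFI. */
static enum cfi_status dispatch(const struct request *r, int a, int b, bool checked, int *out) {
    if (checked && !cfi_target_allowed(r->handler)) {
        *out = -1;
        return CFI_VIOLATION;  /* refuse the transfer instead of taking it */
    }
    *out = r->handler(a, b);
    return CFI_OK;
}

/* Models the effect of a buffer overflow: the attacker's bytes overrun `name`
   and replace `handler` with the address of privileged_op. The write goes
   through the object representation so the corruption is deterministic. */
static void corrupt_handler(struct request *r) {
    handler_fn evil = privileged_op;
    memcpy((unsigned char *)r + offsetof(struct request, handler), &evil, sizeof evil);
}

/* Benign request: handler_add(3, 4) == 7, and the CFI check passes. */
static int run_benign(void) {
    struct request r = { "add", handler_add };
    int out = 0;
    dispatch(&r, 3, 4, true, &out);
    return out;
}

/* Corrupted request without CFI: control reaches privileged_op. */
static int run_corrupted_without_cfi(void) {
    struct request r = { "add", handler_add };
    int out = 0;
    corrupt_handler(&r);
    dispatch(&r, 3, 4, false, &out);
    return out;
}

/* Corrupted request with CFI: the check rejects the target before the call. */
static enum cfi_status run_corrupted_with_cfi(void) {
    struct request r = { "add", handler_add };
    int out = 0;
    corrupt_handler(&r);
    return dispatch(&r, 3, 4, true, &out);
}

int main(void) {
    printf("benign: %d\n", run_benign());
    printf("corrupted, no CFI: 0x%x\n", run_corrupted_without_cfi());
    printf("corrupted, CFI: %s\n",
           run_corrupted_with_cfi() == CFI_VIOLATION ? "violation detected" : "missed");
    return 0;
}
```

The point of the three scenarios is the contrast the abstract draws: the same corrupted function pointer is followed when the call is unchecked and is refused when the call site consults the static policy first. Note what the check does not do: it does not detect the overflow itself, only the attempt to leave the permitted control-flow graph, which is exactly the property CFI guarantees and nothing more.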
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J. (2005). A Theory of Secure Control Flow. In: Lau, KK., Banach, R. (eds) Formal Methods and Software Engineering. ICFEM 2005. Lecture Notes in Computer Science, vol 3785. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11576280_9
DOI: https://doi.org/10.1007/11576280_9
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-29797-0
Online ISBN: 978-3-540-32250-4
eBook Packages: Computer Science (R0)