Skip to main content
SpringerLink
Log in

A Theory of Secure Control Flow

  • Conference paper
Formal Methods and Software Engineering (ICFEM 2005)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 3785))

Included in the following conference series:

Abstract

Control-Flow Integrity (CFI) means that the execution of a program dynamically follows only certain paths, in accordance with a static policy. CFI can prevent attacks that, by exploiting buffer overflows and other vulnerabilities, attempt to control program behavior. This paper develops the basic theory that underlies two practical techniques for CFI enforcement, with precise formulations of hypotheses and guarantees.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Abadi, M.: Protection in programming-language translations. In: Larsen, K.G., Skyum, S., Winskel, G. (eds.) ICALP 1998. LNCS, vol. 1443, pp. 868–883. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  2. Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Control-flow integrity: Principles, implementations, and applications. In: Proceedings of the ACM Conference on Computer and Communications Security, 2005. A preliminary version appears as Microsoft Research Technical Report MSR-TR-05-18 (February 2005)

    Google Scholar 

  3. Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J.: Further formal material on CFI and SMAC (2005), available at http://research.microsoft.com/research/sv/gleipnir (Manuscript)

  4. Cowan, C., Pu, C., Maier, D., Walpole, J., Bakke, P., Beattie, S., Grier, A., Wagle, P., Zhang, Q., Hinton, H.: StackGuard: Automatic adaptive detection and prevention of buffer-overflow attacks. In: Proceedings of the Usenix Security Symposium, pp. 63–78 (1998)

    Google Scholar 

  5. Erlingsson, Ú., Schneider, F.B.: SASI enforcement of security policies: A retrospective. In: Proceedings of the New Security Paradigms Workshop, pp. 87–95 (1999)

    Google Scholar 

  6. Hamid, N., Shao, Z., Trifonov, V., Monnier, S., Ni, Z.: A Syntactic Approach to Foundational Proof-Carrying Code. Technical Report YALEU/DCS/TR-1224, Dept. of Computer Science, Yale University (2002)

    Google Scholar 

  7. Ligatti, J., Bauer, L., Walker, D.: Edit automata: Enforcement mechanisms for run-time security policies. International Journal of Information Security 4(1-2), 2–16 (2005)

    Article  Google Scholar 

  8. Microsoft Corporation. Changes to functionality in Microsoft Windows XP SP2: Memory protection technologies (2004), http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2mempr.mspx

  9. Morrisett, G., Walker, D., Crary, K., Glew, N.: From System F to typed assembly language. ACM Transactions on Programming Languages and Systems 21(3), 527–568 (1999)

    Article  Google Scholar 

  10. Necula, G.: Proof-carrying code. In: Proceedings of the 24th ACM Symposium on Principles of Programming Languages, pp. 106–119 (January 1997)

    Google Scholar 

  11. PaX Project. The PaX project (2004), http://pax.grsecurity.net/

  12. Pincus, J., Baker, B.: Beyond stack smashing: Recent advances in exploiting buffer overruns. IEEE Security and Privacy 2(4), 20–27 (2004)

    Article  Google Scholar 

  13. Ruwase, O., Lam, M.S.: A practical dynamic buffer overflow detector. In: Proceedings of Network and Distributed System Security Symposium, pp. 159–169 (2004)

    Google Scholar 

  14. Shacham, H., Page, M., Pfaff, B., Goh, E.-J., Modadugu, N., Boneh, D.: On the effectiveness of address-space randomization. In: Proceedings of the ACM Conference on Computer and Communications Security, pp. 298–307 (2004)

    Google Scholar 

  15. Srivastava, A., Edwards, A., Vo, H.: Vulcan: Binary transformation in a distributed environment. Technical Report MSR-TR-2001-50, Microsoft Research (2001)

    Google Scholar 

  16. Srivastava, A., Eustace, A.: ATOM: A system for building customized program analysis tools. Technical Report WRL Research Report 94/2, Digital Equipment Corporation (1994)

    Google Scholar 

  17. Suh, G.E., Lee, J.W., Zhang, D., Devadas, S.: Secure program execution via dynamic information flow tracking. In: Proceedings of the International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 85–96 (2004)

    Google Scholar 

  18. Wahbe, R., Lucco, S., Anderson, T.E., Graham, S.L.: Efficient software-based fault isolation. ACM SIGOPS Operating Systems Review 27(5), 203–216 (1993)

    Article  Google Scholar 

  19. Wilander, J., Kamkar, M.: A comparison of publicly available tools for dynamic buffer overflow prevention. In: Proceedings of the Network and Distributed System Security Symposium, pp. 149–162 (2003)

    Google Scholar 

  20. Xu, J., Kalbarczyk, Z., Iyer, R.K.: Transparent runtime randomization for security. In: Proceedings of the Symposium on Reliable and Distributed Systems, pp. 260–269 (2003)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computer Science Department, University of California, Santa Cruz

    Martín Abadi

  2. Microsoft Research, Silicon Valley

    Mihai Budiu & Úlfar Erlingsson

  3. Computer Science Department, Princeton University,  

    Jay Ligatti

Authors
  1. Martín Abadi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Mihai Budiu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Úlfar Erlingsson
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jay Ligatti
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Computer Science, The University of Manchester, M13 9PL, Manchester, United Kingdom

    Kung-Kiu Lau

  2. School of Computer Science, University of Manchester, M13 9PL, Manchester, UK

    Richard Banach

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Abadi, M., Budiu, M., Erlingsson, Ú., Ligatti, J. (2005). A Theory of Secure Control Flow. In: Lau, KK., Banach, R. (eds) Formal Methods and Software Engineering. ICFEM 2005. Lecture Notes in Computer Science, vol 3785. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11576280_9

Download citation

  • DOI: https://doi.org/10.1007/11576280_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-29797-0

  • Online ISBN: 978-3-540-32250-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation