CFG construction soundness in Control-Flow integrity

Gang Tan, Trent Jaeger

Research output: Chapter in Book/Report/Conference proceedingConference contribution

9 Scopus citations

Abstract

Control-Flow Integrity (CFI) is an intensively studied technique for hardening software security. It enforces a Control-Flow Graph (CFG) by inlining runtime checks into target programs. Many methods have been proposed to construct the enforced CFG, with different degrees of precision and sets of assumptions. However, past CFI work has not made attempt at justifying their CFG construction soundness using formal semantics and proofs. In this paper, we formalize the CFG construction in two major CFI systems, identify their assumptions, and prove their soundness; the soundness proof shows that their computed sets of targets for indirect calls are safe over-approximations.

Original languageEnglish (US)
Title of host publicationPLAS 2017 - Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security, co-located with CCS 2017
PublisherAssociation for Computing Machinery, Inc
Pages3-13
Number of pages11
ISBN (Electronic)9781450350990
DOIs
StatePublished - Oct 30 2017
Event12th ACM SIGSAC Workshop on Programming Languages and Analysis for Security, PLAS 2017 - Dallas, United States
Duration: Oct 30 2017 → …

Publication series

NamePLAS 2017 - Proceedings of the 2017 Workshop on Programming Languages and Analysis for Security, co-located with CCS 2017
Volume2017-January

Other

Other12th ACM SIGSAC Workshop on Programming Languages and Analysis for Security, PLAS 2017
Country/TerritoryUnited States
CityDallas
Period10/30/17 → …

All Science Journal Classification (ASJC) codes

  • Computational Theory and Mathematics
  • Computer Science Applications
  • Software

Fingerprint

Dive into the research topics of 'CFG construction soundness in Control-Flow integrity'. Together they form a unique fingerprint.

Cite this