Feel me flow: A review of control-flow integrity methods for user and kernel space

Abstract

Attackers have evolved classic code-injection attacks, such as those caused by buffer overflows, into sophisticated Turing-complete code-reuse attacks. Control-Flow Integrity (CFI) is a defence mechanism to eliminate control-flow hijacking attacks caused by common memory errors. CFI relies on static analysis for the creation of a program’s control-flow graph (CFG); then, at runtime, CFI ensures that the program follows the legitimate path. Thereby, when an attacker tries to execute malicious shellcode, CFI detects an unintended path and aborts execution. CFI heavily relies on static analysis for the accurate generation of the control-flow graph, and its security depends on how strictly the CFG is generated and enforced. This paper reviews the CFI schemes proposed over the last ten years and assesses their security guarantees against advanced exploitation techniques.

Díez-Franco, I., & Santos, I. (2017). Feel me flow: A review of control-flow integrity methods for user and kernel space. In Advances in Intelligent Systems and Computing (Vol. 527, pp. 477–486). Springer Verlag. https://doi.org/10.1007/978-3-319-47364-2_46
