A survey of Hardware-based Control Flow Integrity (CFI)
Ruan de Clercq, Ingrid Verbauwhede

TL;DR
This survey analyzes 21 recent hardware-based Control Flow Integrity architectures, evaluating their security, practicality, and limitations to guide future improvements in hardware security measures.
Contribution
It provides a comprehensive comparison of existing hardware-based CFI architectures, highlighting their strengths and weaknesses for practical deployment.
Findings
Many architectures rely on difficult-to-obtain control flow models
Several architectures offer limited security guarantees
Practical issues hinder widespread adoption of some designs
Abstract
CFI is a computer security technique that detects runtime attacks by monitoring a program's branching behavior. This work presents a detailed analysis of the security policies enforced by 21 recent hardware-based CFI architectures. The goal is to evaluate the security, limitations, hardware cost, performance, and practicality of using these policies. We show that many architectures are not suitable for widespread adoption, since they have practical issues, such as relying on an accurate control flow model (which is difficult to obtain), or they implement policies which provide only limited security.
Taxonomy
Topics: Security and Verification in Computing · Advanced Malware Detection Techniques · Radiation Effects in Electronics
