SoK: Runtime Integrity
Mahmoud Ammar, Adam Caulfield, Ivan De Oliveira Nunes
TL;DR
This paper systematically reviews Control Flow Integrity and Control Flow Attestation mechanisms, analyzing their goals, assumptions, and design spaces to understand their roles and limitations in runtime defense strategies.
Contribution
It provides a comprehensive analysis of CFI and CFA, clarifying their differences, relationships, and positioning within runtime security defenses.
Findings
Highlights the distinct goals and assumptions of CFI and CFA
Identifies gaps and limitations in current runtime defenses
Suggests directions for future research to improve runtime security
Abstract
This paper provides a systematic exploration of Control Flow Integrity (CFI) and Control Flow Attestation (CFA) mechanisms, examining their differences and relationships. It addresses crucial questions about the goals, assumptions, features, and design spaces of CFI and CFA, including their potential coexistence on the same platform. Through a comprehensive review of existing defenses, this paper positions CFI and CFA within the broader landscape of runtime defenses, critically evaluating their strengths, limitations, and trade-offs. The findings emphasize the importance of further research to bridge the gaps in CFI and CFA and thus advance the field of runtime defenses.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsParallel Computing and Optimization Techniques · Distributed and Parallel Computing Systems · Scientific Computing and Data Management