Control-Flow Integrity: Precision, Security, and Performance

Authors:
Nathan Burow

Purdue University

Purdue University
View Profile

,
Scott A. Carr

Purdue University

Purdue University
View Profile

,
Joseph Nash

University of California, Irvine

University of California, Irvine
View Profile

,
Per Larsen

University of California, Irvine

University of California, Irvine
View Profile

,
Michael Franz

University of California, Irvine

University of California, Irvine
View Profile

,
Stefan Brunthaler

Paderborn University 8 SBA Research

Paderborn University 8 SBA Research
View Profile

,
Mathias Payer

Purdue University

Purdue University

0000-0001-5054-7547
View Profile

Authors Info & Claims

ACM Computing Surveys Volume 50 Issue 1Article No.: 16pp 1–33https://doi.org/10.1145/3054924

Published:04 April 2017Publication History

ACM Computing Surveys

Abstract

Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today’s systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the intended control flow. Researchers have spent more than a decade studying and refining defenses based on Control-Flow Integrity (CFI); this technique is now integrated into several production compilers. However, so far, no study has systematically compared the various proposed CFI mechanisms nor is there any protocol on how to compare such mechanisms. We compare a broad range of CFI mechanisms using a unified nomenclature based on (i) a qualitative discussion of the conceptual security guarantees, (ii) a quantitative security evaluation, and (iii) an empirical evaluation of their performance in the same test environment. For each mechanism, we evaluate (i) protected types of control-flow transfers and (ii) precision of the protection for forward and backward edges. For open-source, compiler-based implementations, we also evaluate (iii) generated equivalence classes and target sets and (iv) runtime performance.

References

Martin Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. 2005a. Control-flow integrity: Principles, implementations, and applications. In ACM Conference on Computer and Communications Security (CCS’05). Google ScholarDigital Library
Martín Abadi, Mihai Budiu, Úlfar Erlingsson, and Jay Ligatti. 2005b. A theory of secure control flow. In Proceedings of the 7th International Conference on Formal Methods and Software Engineering (ICFEM’05). Google ScholarDigital Library
Orlando Arias, Lucas Davi, Matthias Hanreich, Yier Jin, Patrick Koeberl, Debayan Paul, Ahmad-Reza Sadeghi, and Dean Sullivan. 2015. HAFIX: Hardware-assisted flow integrity extension. In Annual Design Automation Conference (DAC’15).Google Scholar
John Aycock. 2003. A brief history of just-in-time. Computing Surveys 35, 2, 97--113. Google ScholarDigital Library
David F. Bacon and Peter F. Sweeney. 1996. Fast static analysis of C++ virtual function calls. ACM SIGPLAN Notices 31, 10, 324--341. Google ScholarDigital Library
James R. Bell. 1973. Threaded code. Communications of the ACM 16, 6, 370--372. Google ScholarDigital Library
Tyler Bletsch, Xuxian Jiang, and Vince Freeh. 2011. Mitigating code-reuse attacks with control-flow locking. In Annual Computer Security Applications Conference (ACSAC’11). New York, NY. Google ScholarDigital Library
Dimitar Bounov, Rami Kici, and Sorin Lerner. 2016. Protecting C++ dynamic dispatch through vtable interleaving. In Symposium on Network and Distributed System Security (NDSS’16).Google ScholarCross Ref
Nicholas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross. 2015. Control-flow bending: On the effectiveness of control-flow integrity. In 24th USENIX Security Symposium, USENIX Security 15. Washington, D.C., August 12-14, 2015.Google Scholar
Nicholas Carlini and David Wagner. 2014. ROP is still dangerous: Breaking modern defenses. In USENIX Security Symposium.Google Scholar
Stephen Checkoway, Lucas Davi, Alexandra Dmitrienko, Ahmad-Reza Sadeghi, Hovav Shacham, and Marcel Winandy. 2010. Return-oriented programming without returns. In ACM Conference on Computer and Communications Security (CCS). Google ScholarDigital Library
Yueqiang Cheng, Zongwei Zhou, Yu Miao, Xuhua Ding, and Robert Huijie Deng. 2014. ROPecker: A generic and practical approach for defending against ROP attacks. In Symposium on Network and Distributed System Security (NDSS’14). Google ScholarCross Ref
Nick Christoulakis, George Christou, Elias Athanasopoulos, and Sotiris Ioannidis. 2016. HCFI: Hardware-enforced control-flow integrity. In CODASPY’16.Google ScholarDigital Library
Peter Collingbourne. 2015. LLVM—Control Flow Integrity. (2015). Retrieved March 1, 2017 from http://clang.llvm.org/docs/ControlFlowIntegrity.html.Google Scholar
Mauro Conti, Stephen Crane, Lucas Davi, Michael Franz, Per Larsen, Christopher Liebchen, Marco Negro, Mohaned Qunaibit, and Ahmad-Reza Sadeghi. 2015. Losing control: On the effectiveness of control-flow integrity under stack attacks. In ACM Conference on Computer and Communications Security (CCS’15). Google ScholarDigital Library
John Criswell, Nathan Dautenhahn, and Vikram Adve. 2014a. KCoFI: Complete control-flow integrity for commodity operating system kernels. In 2014 IEEE Symposium on Security and Privacy. Google ScholarDigital Library
John Criswell, Nathan Dautenhahn, and Vikram Adve. 2014b. KCoFI: Complete control-flow integrity for commodity operating system kernels. In IEEE Symposium on Security and Privacy (S8P).Google ScholarDigital Library
Thurston H. Y. Dang, Petros Maniatis, and David Wagner. 2015. The performance cost of shadow stacks and stack canaries. In ACM Symposium on Information, Computer and Communications Security (ASIACCS’15). Google ScholarDigital Library
Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger, and Ahmad-Reza Sadeghi. 2012. MoCFI: A framework to mitigate control-flow attacks on smartphones. In Symposium on Network and Distributed System Security (NDSS’12).Google Scholar
Lucas Davi, Patrick Koeberl, and Ahmad-Reza Sadeghi. 2014a. Hardware-assisted fine-grained control-flow integrity: Towards efficient protection of embedded systems against software exploitation. In Annual Design Automation Conference (DAC’14). Google ScholarDigital Library
Lucas Davi, Daniel Lehmann, Ahmad-Reza Sadeghi, and Fabian Monrose. 2014b. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In USENIX Security Symposium.Google Scholar
Jeffrey Dean, David Grove, and Craig Chambers. 1995. Optimization of object-oriented programs using static class hierarchy analysis. In European Conference on Object-Oriented Programming (ECOOP’95). Google ScholarCross Ref
Eddy H. Debaere and Jan M. van Campenhout. 1990. Interpretation and Instruction Path Coprocessing. MIT Press, Cambridge, MA.Google Scholar
Isaac Evans, Samuel Fingeret, Julian Gonzalez, Ulziibayar Otgonbaatar, Tiffany Tang, Howard Shrobe, Stelios Sidiroglou-Douskos, Martin Rinard, and Hamed Okhravi. 2015a. Missing the point: On the effectiveness of code pointer integrity. In IEEE Symposium on Security and Privacy (S8P’15).Google ScholarDigital Library
Isaac Evans, Fan Long, Ulziibayar Otgonbaatar, Howard Shrobe, Martin Rinard, Hamed Okhravi, and Stelios Sidiroglou-Douskos. 2015b. Control jujutsu: On the weaknesses of fine-grained control flow integrity. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Google ScholarDigital Library
Francisco Falcon. 2015. Exploiting Adobe Flash Player in the era of Control Flow Guard. BlackHat EU’15. Retrieved March 1, 2017 from https://www.blackhat.com/docs/eu-15/materials/eu-15-Falcon-Exploiting-Adobe-Flash-Player-In-The-Era-Of-Control-Flow-Guard.pdf.Google Scholar
Ivan Fratric. 2012. ROPGuard: Runtime Prevention of Return-Oriented Programming Attacks. Retrieved March 1, 2017 from http://www.ieee.hr/_download/repository/Ivan_Fratric.pdf. (2012).Google Scholar
Xinyang Ge, Nirupama Talele, Mathias Payer, and Trent Jaeger. 2016. Fine-grained control-flow integrity for kernel software. In IEEE European Symposium on Security and Privacy. Google ScholarCross Ref
Enes Göktas, Elias Athanasopoulos, Herbert Bos, and Georgios Portokalidis. 2014. Out of control: Overcoming control-flow integrity. In IEEE Symposium on Security and Privacy (S8P’14).Google ScholarDigital Library
David Grove and Craig Chambers. 2001. A framework for call graph construction algorithms. ACM Transactions on Programming Languages and Systems 23, 6, 685--746. Google ScholarDigital Library
Brian Hackett and Alex Aiken. 2006. How is aliasing used in systems software? Proceedings of the 14th ACM SIGSOFT International Symposium on Foundations of Software Engineering. 69--80. Google ScholarDigital Library
Ben Hardekopf and Calvin Lin. 2007. The ant and the grasshopper. In Proceedings of the 2007 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’07), Vol. 42. ACM Press, New York, NY, 290. DOI:http://dx.doi.org/10.1145/1250734.1250767 Google ScholarDigital Library
Ben Hardekopf and Calvin Lin. 2011. Flow-sensitive pointer analysis for millions of lines of code. In International Symposium on Code Generation and Optimization (CGO’11). IEEE, 289--298. DOI:http://dx.doi.org/10.1109/CGO.2011.5764696 Google ScholarCross Ref
Michael Hind. 2001. Pointer analysis. In Proceedings of the 2001 ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE’01). ACM Press, New York, NY, 54--61. DOI:http://dx.doi.org/10.1145/379605.379665 Google ScholarDigital Library
Michael Hind and Anthony Pioli. 2000. Which pointer analysis should I use? ACM SIGSOFT Software Engineering Notes 25, 5, 113--123. Google ScholarDigital Library
Urs Hölzle and David Ungar. 1994. Optimizing dynamically-dispatched calls with run-time type feedback. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’94). Google ScholarDigital Library
Intel Inc. 2013. Intel 64 and IA-32 Architectures. Software Developer’s Manual.Google Scholar
Dongseok Jang, Zachary Tatlock, and Sorin Lerner. 2014. SAFEDISPATCH: Securing C++ virtual calls from memory corruption attacks. In Symposium on Network and Distributed System Security (NDSS’14). Google ScholarCross Ref
Vladimir Kiriansky. 2013. Secure Execution Environment via Program Shepherding. Master’s thesis. Massachusetts Institute of Technology, Cambridge, MA.Google Scholar
Vladimir Kiriansky, Derek Bruening, and Saman Amarasinghe. 2002. Secure execution via program shepherding. In USENIX Security Symposium.Google ScholarDigital Library
Peter M. Kogge. 1982. An architectural trail to threaded-code systems. Computer 15, 3, 22--32. DOI:http://dx.doi.org/10.1109/MC.1982.1653970 Google ScholarDigital Library
Per Larsen, Andrei Homescu, Stefan Brunthaler, and Michael Franz. 2014. SoK: Automated software diversity. In IEEE Symposium on Security and Privacy (S8P’14).Google ScholarDigital Library
O. Lhoták and Laurie Hendren. 2006. Context-sensitive points-to analysis: Is it worth it? Compiler Construction 47--64.Google Scholar
Ali José Mashtizadeh, Andrea Bittau, Dan Boneh, and David Mazières. 2015. CCFI: Cryptographically enforced control flow integrity. In ACM Conference on Computer and Communications Security (CCS’15). Google ScholarDigital Library
Bill McCarty. 2004. SELinux: NSA’s Open Source Security Enhanced Linux. O’Reilly Media, Inc., Sebastopol, CA.Google Scholar
Microsoft. 2006. Data Execution Prevention (DEP). Retrieved March 1, 2017 from http://support.microsoft.com/kb/875352/EN-US/.Google Scholar
Microsoft. 2015a. Visual Studio 2015—Compiler Options—Enable Control Flow Guard. Retrieved March 1, 2017 from https://msdn.microsoft.com/en-us/library/dn919635.aspx.Google Scholar
Microsoft. 2015b. SetProcessValidCallTargets function. Retrieved March 1, 2017 from https://msdn.microsoft.com/en-us/enus/library/windows/desktop/dn934202(v=vs.85).aspx. (2015).Google Scholar
Ana Milanova, Atanas Rountev, and Barbara G. Ryder. 2002. Parameterized object sensitivity for points-to and side-effect analyses for java. ACM SIGSOFT Software Engineering Notes 27, 4 (2002), 1.Google ScholarDigital Library
Markus Mock, Manuvir Das, Craig Chambers, and Susan J. Eggers. 2001. Dynamic points-to sets. In ACM SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE’01). Google ScholarDigital Library
Vishwath Mohan, Per Larsen, Stefan Brunthaler, Kevin Hamlen, and Michael Franz. 2015. Opaque control-flow integrity. In Symposium on Network and Distributed System Security (NDSS’15). Google ScholarCross Ref
Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, and Steve Zdancewic. 2009. SoftBound: Highly compatible and complete spatial memory safety for C. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’09). Google ScholarDigital Library
Santosh Nagarakatte, Jianzhou Zhao, Milo M. K. Martin, and Steve Zdancewic. 2010. CETS: Compiler enforced temporal safety for C. In ISMM’10.Google ScholarDigital Library
Flemming Nielson, Hanne Riis Nielson, and Chris Hankin. 1999. Principles of Program Analysis. Springer, Berlin. DOI:http://dx.doi.org/10.1007/978-3-662-03811-6 Google ScholarCross Ref
Flemming Nielson, Hanne R. Nielson, and Chris Hankin. 2009. Principles of Program Analysis. Springer, New York, NY.Google Scholar
Ben Niu and Gang Tan. 2014a. Modular control-flow integrity. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI’14).Google ScholarDigital Library
Ben Niu and Gang Tan. 2014b. RockJIT: Securing just-in-time compilation using modular control-flow integrity. In ACM Conference on Computer and Communications Security (CCS’14).Google ScholarDigital Library
Ben Niu and Gang Tan. 2015a. MCFI readme. Retrieved March 1, 2017 from https://github.com/mcfi/MCFI/blob/master/README.md.Google Scholar
Ben Niu and Gang Tan. 2015b. Per-input control-flow integrity. In Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. Denver, CO, October 12--6, 2015.Google ScholarDigital Library
Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. 2013. Transparent ROP exploit mitigation using indirect branch tracing. In USENIX Security Symposium.Google Scholar
Baiju Patel. 2016. Intel releases new technology specifications to protect against ROP attacks. Retrieved March 1, 2017 from http://blogs.intel.com/evangelists/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks/.Google Scholar
PaX-Team. 2003a. PaX ASLR (Address Space Layout Randomization). Retrieved March 1, 2017 from http://pax.grsecurity.net/docs/aslr.txt.Google Scholar
PaX-Team. 2003b. PaX Future. Retrieved March 1, 2017 from https://pax.grsecurity.net/docs/pax-future.txt.Google Scholar
Mathias Payer, Antonio Barresi, and Thomas R. Gross. 2015. Fine-grained control-flow integrity through binary hardening. In Proceedings of the 12th International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA’15). Milan, Italy, July 9--10, 2015. Google ScholarDigital Library
Jannik Pewny and Thorsten Holz. 2013. Control-flow restrictor: Compiler-based CFI for iOS. In Annual Computer Security Applications Conference (ACSAC’13). Google ScholarDigital Library
Ryan Roemer, Erik Buchanan, Hovav Shacham, and Stefan Savage. 2012. Return-oriented programming: Systems, languages, and applications. ACM Transactions on Information System Security 15. Google ScholarDigital Library
Erven Rohou, Bharath Narasimha Swamy, and André Seznec. 2015. Branch prediction and the performance of interpreters: Don’t trust folklore. In IEEE/ACM International Symposium on Code Generation and Optimization (CGO’15). Google ScholarCross Ref
Atanas Rountev, Scott Kagan, and Michael Gibas. 2004. Evaluating the imprecision of static analysis. In Proceedings of the ACM-SIGPLAN-SIGSOFT Workshop on Program Analysis for Software Tools and Engineering (PASTE’04). ACM Press, New York, NY, 14. DOI:http://dx.doi.org/10.1145/996821.996829 Google ScholarDigital Library
Andrei Sabelfeld and A. C. Myers. 2003. Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21, 1, 5--19. DOI:http://dx.doi.org/10.1109/JSAC.2002.806121 Google ScholarDigital Library
Felix Schuster, Thomas Tendyck, Christopher Liebchen, Lucas Davi, Ahmad-Reza Sadeghi, and Thorsten Holz. 2015. Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications. In IEEE Symposium on Security and Privacy (S8P’15).Google ScholarDigital Library
Hovav Shacham. 2007. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In CCS’07.Google Scholar
Micha Sharir and Amir Pnueli. 1981. Two approaches to interprocedural data flow analysis. In Program Flow Analysis, Steven S. Muchnick and Neil D. Jones (Eds.). Prentice Hall, Upper Saddle River, NJ.Google Scholar
Yannis Smaragdakis and George Balatsouras. 2015. Pointer analysis. Foundations and Trends in Programming Languages 2, 1, 1--69. DOI:http://dx.doi.org/10.1561/2500000014 Google ScholarDigital Library
Yannis Smaragdakis, Martin Bravenboer, and Ondrej Lhoták. 2011. Pick your contexts well. ACM SIGPLAN Notices 46, 1, 17.Google ScholarDigital Library
Dean Sullivan, Orlando Arias, Lucas Davi, Per Larsen, Ahmad-Reza Sadeghi, and Yier Jin. 2016. Strategy without tactics: Policy-agnostic hardware-enhanced control-flow integrity. In Annual Design Automation Conference (DAC’16). Google ScholarDigital Library
Laszlo Szekeres, Mathias Payer, Tao Wei, and Dawn Song. 2013. SoK: Eternal war in memory. In IEEE Symposium on Security and Privacy (S8P’13).Google ScholarDigital Library
Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, Úlfar Erlingsson, Luis Lozano, and Geoff Pike. 2014. Enforcing forward-edge control-flow integrity in GCC 8 LLVM. In USENIX Security Symposium.Google Scholar
Frank Tip and Jens Palsberg. 2000. Scalable propagation-based call graph construction algorithms. ACM SIGPLAN Notices 35, 10, 281--293. Google ScholarDigital Library
Arjan van de Ven and Ingo Molnar. 2004. Exec Shield. Retrieved March 1, 2017 from https://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf. (2004).Google Scholar
Victor van der Veen, Dennis Andriesse, Enes Göktaş, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, and Cristiano Giuffrida. 2015. PathArmor: Practical ROP protection using context-sensitive CFI. In ACM Conference on Computer and Communications Security (CCS’15).Google Scholar
Zhi Wang and Xuxian Jiang. 2010. HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity. In IEEE S8P’10. Google ScholarDigital Library
David Weston and Matt Miller. 2016. Windows 10 Mitigation Improvements. BlackHat’16. Retrieved March 1, 2017 from https://www.blackhat.com/docs/us-16/materials/us-16-Weston-Windows-10-Mitigation-Improvements.pdf.Google Scholar
Yubin Xia, Yutao Liu, Haibo Chen, and Binyu Zang. 2012. CFIMon: Detecting violation of control flow integrity using performance counters. In IEEE/IFIP Conference on Dependable Systems and Networks (DSN’12).Google Scholar
Pinghai Yuan, Qingkai Zeng, and Xuhua Ding. 2015. Hardware-assisted fine-grained code-reuse attack detection. In International Symposium on Research in Attacks, Intrusions and Defenses (RAID’15). Google ScholarDigital Library
Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, and Dawn Song. 2015. VTint: Defending virtual function tables’ integrity. In Symposium on Network and Distributed System Security (NDSS’15).Google Scholar
Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, and Wei Zou. 2013. Practical control flow integrity 8 randomization for binary executables. In IEEE Symposium on Security and Privacy (S8P’13).Google Scholar
Mingwei Zhang and R. Sekar. 2013. Control flow integrity for COTS binaries. In USENIX Security Symposium.Google Scholar

Index Terms

Control-Flow Integrity: Precision, Security, and Performance
1. General and reference
  1. Document types
    1. Surveys and overviews
2. Security and privacy
  1. Software and application security
  2. Systems security
    1. Information flow control

Recommendations

Enforcing Unique Code Target Property for Control-Flow Integrity
CCS '18: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security

The goal of control-flow integrity (CFI) is to stop control-hijacking attacks by ensuring that each indirect control-flow transfer (ICT) jumps to its legitimate target. However, existing implementations of CFI have fallen short of this goal because ...
Read More
Control-Flow Hijacking: Are We Making Progress?
ASIA CCS '17: Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security

Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Over the last 10+ years the security community developed several defenses [4]. Data Execution Prevention (DEP) protects against code ...
Read More
Control-Flow Carrying Code
Asia CCS '19: Proceedings of the 2019 ACM Asia Conference on Computer and Communications Security

Control-Flow Integrity~(CFI) is an effective approach in mitigating control-flow hijacking attacks including code-reuse attacks. Most conventional CFI techniques use memory page protection mechanism, Data Execution Prevention~(DEP), as an underlying ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Published in
ACM Computing Surveys Volume 50, Issue 1
January 2018
588 pages
ISSN:0360-0300
EISSN:1557-7341
DOI:10.1145/3058791
Editor:
Sartaj Sahni
Department of Computer and Information Science and Engineering / University of Florida / Gainesville, FL 32611
Issue’s Table of Contents
Copyright © 2017 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 4 April 2017
- Accepted: 1 January 2017
- Revised: 1 December 2016
- Received: 1 April 2016
Published in csur Volume 50, Issue 1

Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
Control-flow integrity
control-flow hijacking
return-oriented programming
shadow stack
Qualifiers
- survey
- Research
- Refereed
Conference
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 162
  Total Citations
  View Citations
- 4,788
  Total Downloads
- Downloads (Last 12 months)1,186
- Downloads (Last 6 weeks)166
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Control-Flow Integrity: Precision, Security, and Performance

ACM Computing Surveys

Abstract

References

Cited By

Index Terms

Recommendations

Enforcing Unique Code Target Property for Control-Flow Integrity

Control-Flow Hijacking: Are We Making Progress?

Control-Flow Carrying Code