A Theory of Secure Control Flow
نویسندگان
چکیده
Control-Flow Integrity (CFI) means that the execution of a program dynamically follows only certain paths, in accordance with a static policy. CFI can prevent attacks that, by exploiting buffer overflows and other vulnerabilities, attempt to control program behavior. This paper develops the basic theory that underlies two practical techniques for CFI enforcement, with precise formulations of hypotheses and guarantees.
منابع مشابه
Secure Information Flow in Orc (DRAFT)
Secure information flow attempts to verify that programs do not leak information to unauthorized third parties. Previous approaches to secure information flow have considered classical sequential languages and concurrent languages based on channels. In this work, we demonstrate how techniques from secure information flow can be used to verify security properties of structured concurrent workflo...
متن کاملSecure Information Flow Using Compiler Techniques
Protecting confidential data in computer systems is an actively researched problem with no complete solution. While access control and encryption prevent confidential information from being read or modified by unauthorized users, they do not regulate the information propagation after it has been released for execution. An approach proposed to handle this is secure information flow which has bee...
متن کاملTyping access control and secure information flow in sessions
We consider a calculus for multiparty sessions with delegation, enriched with security levels for session participants and data. We propose a type system that guarantees both session safety and a form of access control. Moreover, this type system ensures secure information flow, including controlled forms of declassification. In particular, it prevents information leaks due to the specific cont...
متن کاملAccess Control and Information Flow in Transactional Memory
The paper considers the addition of access control to a number of transactional memory implementations, and studies its impact on the information flow security of such systems. Even after the imposition of access control, the Unbounded Transactional Memory due to Ananian et al, and most instances of a general scheme for transactional conflict detection and arbitration due to Scott, are shown to...
متن کاملControl Flow Confinement: An Empirical Prospect
Dictating program control-flow transfers to be within a reference control-flow graph (CFG) can make a sound software protection. Control flow confinement (CFC) is to ensure the program execution to follow the reference of a control flow graph (CFG) obtained via profiled execution traces with various input data sets. CFC allows only the tested and expected control flows in program execution. Thi...
متن کامل