English
Related papers

Related papers: Analyzing Control Flow Integrity with LLVM-CFI

200 papers

Protecting programs against control-flow hijacking attacks recently has become an arms race between defenders and attackers. While certain defenses, e.g., \textit{Control Flow Integrity} (CFI), restrict the targets of indirect control-flow…

Cryptography and Security · Computer Science 2018-12-21 Paul Muntean

Recent Pwn2Own competitions have demonstrated the continued effectiveness of control hijacking attacks despite deployed countermeasures including stack canaries and ASLR. A powerful defense called Control flow Integrity (CFI) offers a…

Cryptography and Security · Computer Science 2014-08-08 Ali Jose Mashtizadeh , Andrea Bittau , David Mazieres , Dan Boneh

Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the…

Cryptography and Security · Computer Science 2019-11-26 Nathan Burow , Scott A. Carr , Joseph Nash , Per Larsen , Michael Franz , Stefan Brunthaler , Mathias Payer

CFI is a computer security technique that detects runtime attacks by monitoring a program's branching behavior. This work presents a detailed analysis of the security policies enforced by 21 recent hardware-based CFI architectures. The goal…

Cryptography and Security · Computer Science 2017-08-01 Ruan de Clercq , Ingrid Verbauwhede

Subverting the flow of instructions (e.g., by use of code-reuse attacks) still poses a serious threat to the security of today's systems. Various control flow integrity (CFI) schemes have been proposed as a powerful technique to detect and…

Hardware Architecture · Computer Science 2021-03-09 Mario Telesklav , Stefan Tauner

Memory corruption is an important class of vulnerability that can be leveraged to craft control flow hijacking attacks. Control Flow Integrity (CFI) provides protection against such attacks. Application of type-based CFI policies requires…

Cryptography and Security · Computer Science 2024-01-17 Ruturaj K. Vaidya , Prasad A. Kulkarni

Memory corruption vulnerabilities remain one of the most severe threats to software security. They often allow attackers to achieve arbitrary code execution by redirecting a vulnerable program's control flow. While Control Flow Integrity…

Cryptography and Security · Computer Science 2025-08-22 Sabine Houy , Bruno Kreyssig , Timothee Riom , Alexandre Bartel , Patrick McDaniel

Computing systems, including real-time embedded systems, are becoming increasingly connected to allow for more advanced and safer operation. Such embedded systems are resource-constrained, such as lower processing capabilities, as compared…

Cryptography and Security · Computer Science 2022-08-09 Tanmaya Mishra , Thidapat Chantem , Ryan Gerdes

Applications written in low-level languages without type or memory safety are especially prone to memory corruption. Attackers gain code execution capabilities through such applications despite all currently deployed defenses by exploiting…

Cryptography and Security · Computer Science 2014-07-03 Mathias Payer , Antonio Barresi , Thomas R. Gross

Control flow integrity (CFI) has received significant attention in the community to combat control hijacking attacks in the presence of memory corruption vulnerabilities. The challenges in creating a practical CFI has resulted in the…

Cryptography and Security · Computer Science 2020-02-17 Reza Mirzazade Farkhani , Saman Jafari , Sajjad Arshad , William Robertson , Engin Kirda , Hamed Okhravi

Large language models (LLMs) deployed behind APIs and retrieval-augmented generation (RAG) stacks are vulnerable to prompt injection attacks that may override system policies, subvert intended behavior, and induce unsafe outputs. Existing…

Cryptography and Security · Computer Science 2026-03-20 Md Takrim Ul Alam , Akif Islam , Mohd Ruhul Ameen , Abu Saleh Musa Miah , Jungpil Shin

Fault attacks enable adversaries to manipulate the control-flow of security-critical applications. By inducing targeted faults into the CPU, the software's call graph can be escaped and the control-flow can be redirected to arbitrary…

Cryptography and Security · Computer Science 2023-03-27 Pascal Nasahl , Salmin Sultana , Hans Liljestrand , Karanvir Grewal , Michael LeMay , David M. Durham , David Schrammel , Stefan Mangard

Spectre attacks and their many subsequent variants are a new vulnerability class affecting modern CPUs. The attacks rely on the ability to misguide speculative execution, generally by exploiting the branch prediction structures, to execute…

Cryptography and Security · Computer Science 2019-12-06 Esmaeil Mohammadian Koruyeh , Shirin Haji Amin Shirazi , Khaled N. Khasawneh , Chengyu Song , Nael Abu-Ghazaleh

With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking attacks, and consequently code reuse attacks, are significantly more difficult. CFI limits control flow to well-known locations, severely restricting…

Cryptography and Security · Computer Science 2019-11-26 Kyriakos Ispoglou , Bader AlBassam , Trent Jaeger , Mathias Payer

Growing code bases of modern applications have led to a steady increase in the number of vulnerabilities. Control-Flow Integrity (CFI) is one promising mitigation that is more and more widely deployed and prevents numerous exploits. CFI…

Cryptography and Security · Computer Science 2022-03-01 Claudio Canella , Sebastian Dorn , Daniel Gruss , Michael Schwarz

With the improvements of computing technology, more and more applications embed powerful ARM processors into their devices. These systems can be attacked by redirecting the control-flow of a program to bypass critical pieces of code such as…

Cryptography and Security · Computer Science 2021-05-03 Robert Schilling , Pascal Nasahl , Stefan Mangard

Code reuse attack (CRA) is a powerful attack that reuses existing codes to hijack the program control flow. Control flow integrity (CFI) is one of the most popular mechanisms to prevent against CRAs. However, current CFI techniques are…

Cryptography and Security · Computer Science 2019-05-07 Jiliang Zhang , Wuqiao Chen , Yuqi Niu

Compiler-based Control-Flow Integrity (CFI) offers strong forward-edge protection but remains challenging to deploy in large C/C++ software due to visibility mismatches, type inconsistencies, and unintended behavioral failures. We present…

Software Engineering · Computer Science 2025-12-30 Sabine Houy , Bruno Kreyssig , Alexandre Bartel

Control-flow hijacking attacks manipulate orchestration mechanisms in multi-agent systems into performing unsafe actions that compromise the system and exfiltrate sensitive information. Recently proposed defenses, such as LlamaFirewall,…

Machine Learning · Computer Science 2026-03-06 Rishi Jha , Harold Triedman , Justin Wagle , Vitaly Shmatikov

This paper provides a systematic exploration of Control Flow Integrity (CFI) and Control Flow Attestation (CFA) mechanisms, examining their differences and relationships. It addresses crucial questions about the goals, assumptions,…

Cryptography and Security · Computer Science 2024-10-23 Mahmoud Ammar , Adam Caulfield , Ivan De Oliveira Nunes
‹ Prev 1 2 3 10 Next ›