Control Flow Integrity (CFI) prevents bugs from becoming exploits. It validates a program during execution and enforces at run-time what the programmer intended at compile time, even in the presence of vulnerabilities that would otherwise allow an attacker to alter control flow.
This exploit mitigation is a high priority for advancing secure software development.
Most CFI descriptions today focus on technical aspects of anti-exploitation technology, limiting widespread adoption. We’re changing that. To make CFI more accessible, we explain the technology from a software developer’s perspective.
Our analyses describe in practical terms clang’s and Visual Studio’s implementations of CFI, what each protects, and how to use CFI in current projects. We provide working examples showing how CFI protects Linux, MacOS, and Windows applications. As a result, developers can compare code guarded by CFI against unguarded code, and clarify their understanding of how CFI works.
Furthermore, we applied CFI to two large open source code bases and provided feedback to both the project authors and compiler developers. The candidate projects gained significant security improvements. The compiler developers received actionable feedback and bug reports. In parallel with other researchers, we even made a discovery about using hardware features to enforce CFI.
CFI is that good. It passes muster where other exploit mitigations have failed.
If you’d like help enabling CFI for a large and complex code base, and making the updates necessary to ensure its greatest utility, contact us.