It is for this reason that current research efforts focus on making CFI fast and practical. Second, in its ideal form, the technique is very expensive. First, many CFI implementations require source code or debug information that is typically not available for commercial software. Two main problems have prevented CFI from being deployed in practice. In its ideal form, CFI prevents flows of control that were not intended by the original program, effectively putting a stop to exploitation based on return oriented programming (and many other attacks besides). As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attackers from exploiting our software, interest in Control Flow Integrity (CFI) is growing.
0 Comments
Leave a Reply. |