Securing Software

Run-time Enforcement

Goals

  • Understand how to retroactively create safe pointers
  • Understand how Control-Flow Integrity (CFI) works
  • Analyze the strengths and weaknesses of CFI
  • Construct basic control-flow graphs

Safe Pointers

  • What properties do we want from safe pointers?
  • What changes are needed to implement safe pointers?

CFI

  • What is the adversary model for CFI?
    • How does this compare to the adversary model for previous defenses we’ve seen (e.g., canaries)?
  • What properties does CFI require to be sound?
  • What guarantees does CFI give us?
    • How does this compare to previous defenses?
  • Why does CFI require a control-flow graph?
  • Control-Flow Graphs (CFGs)
    • What is a basic block?
    • How are CFGs defined?
    • Building a CFG
      • What distinguishes a sensitive vs. an insensitive analysis?
      • What properties might an analysis be sensitive to?
      • Define soundness vs. completeness
  • Where and how does CFI instrument a binary?
  • How can CFI instrumentation be verified?
  • What’s the performance impact of CFI?
  • What kinds of attacks can bypass CFI?