Control flow integrity in practice: retrospectives, realities, and automated enforcement
Umeå University, Faculty of Science and Technology, Department of Computing Science (Software Engineering & Security)
2026 (English) Doctoral thesis, comprehensive summary (Other academic)
Alternative title: Kontrollflödesintegritet i praktiken : retrospektiv, verklighet och automatiserad tillämpning (Swedish)
Abstract [en]

Control Flow Integrity (CFI) is a well-established mitigation against control-flow hijacking attacks arising from memory corruption vulnerabilities. Over the past two decades, numerous CFI mechanisms have been proposed and integrated into modern compilers and software ecosystems. Despite this progress, CFI remains difficult to adopt in practice, and deployment decisions, compatibility constraints, and engineering overhead strongly influence its real-world security impact. 

This dissertation investigates Control Flow Integrity from the perspective of practical adoption and deployability. Rather than treating CFI as a purely theoretical protection, it examines how CFI is selected, integrated, and maintained in real-world software systems, and why these steps often fall short of idealized designs. The dissertation is structured around four complementary studies that together trace the path from measurement to guidance, to deployment experience, and finally to automated enforcement. 

The first study presents a large-scale empirical analysis of deployed binaries to assess the current state of LLVM-CFI adoption across major software platforms. It shows that while CFI deployment is increasing in some ecosystems, it remains uneven and limited, leaving substantial portions of the attack surface unprotected. The second study addresses the lack of practical guidance for developers by introducing a systematic taxonomy that maps LLVM-CFI variants to common classes of memory corruption vulnerabilities. This taxonomy provides actionable recommendations to support incremental, informed adoption of CFI in existing codebases.

The third study examines the practical challenges of deploying CFI in a complex, production-grade runtime. Through a detailed case study of integrating LLVM-CFI into a modern Java Virtual Machine, it demonstrates that compatibility issues, manual exclusions, and maintenance effort are central obstacles to effective enforcement, even when strong CFI mechanisms are available. These findings highlight the gap between CFI as designed and CFI as deployed. 

Building on these insights, the dissertation introduces an automated framework for CFI policy generation and enforcement. By reducing manual effort and mitigating compatibility barriers, this approach enables more consistent and scalable CFI deployment across large and evolving software systems.

Overall, the dissertation shows that the effectiveness of Control Flow Integrity in practice is shaped less by the availability of CFI mechanisms than by the feasibility of adopting them. By combining empirical measurement, practical guidance, deployment experience, and automation, this work contributes toward a more realistic and actionable understanding of CFI and provides concrete support for improving its deployment in real-world software systems.

Place, publisher, year, edition, pages
Umeå: Umeå University, 2026. 40 pp.
Keywords [en]
control flow integrity, security, software security, program analysis, system security
National subject category
Security, Privacy and Cryptology
Research subject
computer science
Identifiers
URN: urn:nbn:se:umu:diva-248700
ISBN: 978-91-8070-888-3 (print)
ISBN: 978-91-8070-889-0 (digital)
OAI: oai:DiVA.org:umu-248700
DiVA id: diva2:2029951
Public defence
2026-02-17, Hörsal UB.A.230 - Lindellhallen 3, Lindellplatsen 1, 907 32 Umeå, Umeå, 13:00 (English)
Research funder
Wallenberg AI, Autonomous Systems and Software Program (WASP), 570011241
Available from: 2026-01-27 Created: 2026-01-19 Last updated: 2026-01-20 Bibliographically approved
List of papers
1. Twenty years later: evaluating the adoption of control flow integrity
2025 (English) In: ACM Transactions on Software Engineering and Methodology, ISSN 1049-331X, E-ISSN 1557-7392, Vol. 34, no. 4, article id 103. Article in journal (Refereed) Published
Abstract [en]

Memory corruption vulnerabilities still allow attackers to compromise computers through software written in memory-unsafe languages such as C/C++. This highlights that the mitigation techniques that prevent such exploitation are not all widely deployed. In this article, we introduce SeeCFI, a tool to detect the presence of a memory corruption mitigation technique called Control Flow Integrity (CFI). We leverage SeeCFI to investigate to what extent the mitigation has been deployed in complex software systems such as Android and specific Linux distributions (Ubuntu and Debian). Our results indicate that the overall adoption of CFI (forward- and backward-edge) is increasing across Android versions (∼30% in Android 13) but stays at the same low level (1%) across different Linux versions. SeeCFI makes it possible to identify which binaries in a system were compiled with the CFI option. External security researchers can use it to decide efficiently which binaries to prioritize when fixing vulnerabilities, and how to fix them. SeeCFI can therefore help to make software systems more secure.

Place, publisher, year, edition, pages
Association for Computing Machinery (ACM), 2025
Keywords
CFI, memory corruption vulnerabilities, mitigation techniques, software maintenance, static analysis
National subject category
Software Engineering; Computer Systems
Identifiers
urn:nbn:se:umu:diva-239174 (URN), 10.1145/3702982 (DOI), 001490671100003, 2-s2.0-105005201930 (Scopus ID)
Available from: 2025-06-16 Created: 2025-06-16 Last updated: 2026-01-20 Bibliographically approved
2. SoK: a practical guideline and taxonomy to LLVM's control flow integrity
2025 (English) In: Proceedings - 2025 IEEE Secure Development Conference, SecDev 2025, Institute of Electrical and Electronics Engineers (IEEE), 2025, pp. 129-141. Conference paper, Published paper (Refereed)
Abstract [en]

Memory corruption vulnerabilities remain one of the most severe threats to software security. They often allow attackers to achieve arbitrary code execution by redirecting a vulnerable program’s control flow. While Control Flow Integrity (CFI) has gained traction to mitigate this exploitation path, developers are not provided with any direction on how to apply CFI to real-world software. In this work, we establish a taxonomy mapping LLVM’s forward-edge CFI variants to memory corruption vulnerability classes, offering actionable guidance for developers seeking to deploy CFI incrementally in existing codebases. Based on the Top 10 Known Exploited Vulnerabilities (KEV) list, we identify four high-impact vulnerability categories and select one representative CVE for each. We evaluate LLVM’s CFI against each CVE and explain why CFI blocks exploitation in two cases while failing in the other two, illustrating its potential and current limitations. Our findings support informed deployment decisions and provide a foundation for improving the practical use of CFI in production systems.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2025
National subject category
Computer Sciences
Identifiers
urn:nbn:se:umu:diva-248183 (URN), 10.1109/SecDev66745.2025.00024 (DOI), 2-s2.0-105025202216 (Scopus ID), 9798331595951 (ISBN)
Conference
2025 IEEE Secure Development Conference, SecDev 2025, Indianapolis, IN, USA, 14-16 October, 2025.
Research funder
Wallenberg AI, Autonomous Systems and Software Program (WASP)
Available from: 2026-01-12 Created: 2026-01-12 Last updated: 2026-01-20 Bibliographically approved
3. Lessons learned and challenges of deploying control flow integrity in complex software: the case of OpenJDK's Java virtual machine
2024 (English) In: 2024 IEEE Secure Development Conference (SecDev), Institute of Electrical and Electronics Engineers (IEEE), 2024, pp. 153-165. Conference paper, Published paper (Refereed)
Abstract [en]

This research explores integrating LLVM's Control Flow Integrity (CFI) into the OpenJDK Java Virtual Machine (JVM) to mitigate memory corruption vulnerabilities. We present a manual approach to CFI integration that offers a solution applicable to various real-world projects. Using the DaCapo benchmark suite, we conduct a thorough performance evaluation of the CFI-integrated JVM version. Our work reveals that introducing CFI results in an average performance overhead of approximately 11.5% and a 34% increase in binary size. Remarkably, we identify specific CFI subcategories that, when implemented individually, induce performance improvements for the JVM. This finding highlights CFI's potential to enhance security and performance in Java and general applications. Our research advances the understanding of CFI integration in complex software such as the JVM, shedding light on the challenges and opportunities in securing software systems against memory corruption attacks.

Place, publisher, year, edition, pages
Institute of Electrical and Electronics Engineers (IEEE), 2024
Keywords
C/C++ vulnerabilities, cfi, control flow integrity, jvm, memory corruption, security methodology
National subject category
Computer Sciences
Identifiers
urn:nbn:se:umu:diva-232765 (URN), 10.1109/SecDev61143.2024.00020 (DOI), 001348939600015, 2-s2.0-85210576918 (Scopus ID), 979-8-3503-4248-2 (ISBN), 979-8-3503-9193-0 (ISBN), 979-8-3503-9194-7 (ISBN)
Conference
2024 IEEE Secure Development Conference, SecDev 2024, Pittsburgh, USA, October 7-9, 2024
Available from: 2024-12-19 Created: 2024-12-19 Last updated: 2026-01-20 Bibliographically approved
4. CFIghter: automated control-flow integrity enablement and evaluation for legacy C/C++ systems
(English) Manuscript (preprint) (Other academic)
Abstract [en]

Compiler-based Control-Flow Integrity (CFI) offers strong forward-edge protection but remains challenging to deploy in large C/C++ software due to visibility mismatches, type inconsistencies, and unintended behavioral failures. We present CFIghter, the first fully automated system that enables strict, type-based CFI in real-world projects by detecting, classifying, and repairing unintended policy violations exposed by the test suite. CFIghter integrates whole-program analysis with guided runtime monitoring and iteratively applies the minimal necessary adjustments to CFI enforcement only where required, stopping once all tests pass or remaining failures are deemed unresolvable.

We evaluate CFIghter on four GNU projects. It resolves all visibility-related build errors and automatically repairs 95.8% of unintended CFI violations in the large, multi-library util-linux codebase, while retaining strict enforcement at over 89% of indirect control-flow sites. Across all subjects, CFIghter preserves strict type-based CFI for the majority of the codebase without requiring manual source-code changes, relying only on automatically generated visibility adjustments and localized enforcement scopes where necessary. These results show that automated compatibility repair makes strict compiler CFI practically deployable in mature, modular C software. 
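The forward-edge hijack that the dissertation abstract, the SoK abstract (paper 2) and the CFIghter abstract (paper 4) all revolve around, shown as an added C example. This is not code from the dissertation, from any of the papers, or from the CFIghter tool; the `struct request` layout, the function names and the `corrupt_handler` helper that stands in for a real memory-corruption bug are constructed for illustration. Built with a plain `cc`, both hijacks succeed. Built with clang's type-based forward-edge CFI (`-fsanitize=cfi-icall`, which requires `-flto` and `-fvisibility=hidden` so that the link step sees every possible target), the call to a function of the wrong type traps before it happens, while the hijack to another function of the same type is still allowed in both builds; that second case is the inherent limit of type-based CFI, not something the page attributes to any specific CVE.

```c
/* Added example: what LLVM's type-based forward-edge CFI (-fsanitize=cfi-icall)
 * checks at an indirect call, and what it cannot check.
 *
 *   plain build (hijacks succeed):
 *     cc -O1 -o cfi_demo cfi_demo.c
 *   CFI build (type-mismatch hijack traps with SIGILL on x86-64):
 *     clang -O1 -flto -fvisibility=hidden -fsanitize=cfi-icall -o cfi_demo cfi_demo.c
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int (*int_handler_t)(int);

/* Records which function the indirect call actually reached (0 = none). */
static int g_reached;

static int double_it(int x) { g_reached = 1; return 2 * x; }
static int negate_it(int x) { g_reached = 2; return -x; }   /* same type as double_it */

/* A function of a different type, standing in for any address an attacker
 * would rather reach. It never dereferences its argument, so the demo stays
 * memory-safe even when it is reached through the wrong pointer type. */
static double unrelated_fn(double d) { g_reached = 3; return d; }

/* Victim object: a name buffer followed by a handler pointer, the classic
 * layout in which an overflow of the buffer corrupts the pointer. */
struct request {
    char          name[16];
    int_handler_t handler;
};

/* volatile: keeps the compiler from folding the corrupted pointer into a
 * direct call, which would hide both the bug and the CFI check. */
static volatile uintptr_t g_attacker_word;

/* Model of a memory-corruption bug (constructed): attacker-controlled bytes
 * are written over the object from name[0] onwards and spill into handler.
 * The compiler sees only a byte copy, exactly as with a real strcpy/memcpy bug. */
static void corrupt_handler(struct request *req, uintptr_t new_target)
{
    unsigned char payload[sizeof *req];
    g_attacker_word = new_target;
    uintptr_t word = g_attacker_word;
    memset(payload, 'A', sizeof payload);
    memcpy(payload + offsetof(struct request, handler), &word, sizeof word);
    memcpy(req, payload, sizeof payload);        /* the "overflow" */
}

/* The indirect call site that cfi-icall instruments: before jumping, it
 * checks that req->handler points to a function whose static type is int(int). */
static int dispatch(struct request *req, int arg)
{
    return req->handler(arg);
}

/* Case 1: benign use. Allowed by CFI, reaches double_it. */
int run_benign(void)
{
    struct request req = { "ping", double_it };
    g_reached = 0;
    dispatch(&req, 21);
    return g_reached;                            /* 1 */
}

/* Case 2: hijack to a function of a different type.
 * Plain build: reaches unrelated_fn. CFI build: the type check fails and
 * the process traps before the call, so this function never returns. */
int run_type_mismatch_hijack(void)
{
    struct request req = { "ping", double_it };
    g_reached = 0;
    corrupt_handler(&req, (uintptr_t)unrelated_fn);
    dispatch(&req, 21);
    return g_reached;                            /* 3 in the plain build */
}

/* Case 3: hijack to another int(int) function. Type-based CFI cannot tell
 * negate_it from double_it (same equivalence class), so the call is
 * allowed in both builds. */
int run_same_type_hijack(void)
{
    struct request req = { "ping", double_it };
    g_reached = 0;
    corrupt_handler(&req, (uintptr_t)negate_it);
    dispatch(&req, 21);
    return g_reached;                            /* 2 in both builds */
}

int main(void)
{
    printf("benign:               reached %d\n", run_benign());
    printf("same-type hijack:     reached %d\n", run_same_type_hijack());
    printf("type-mismatch hijack: reached %d\n", run_type_mismatch_hijack());
    return 0;
}
```

When a project cannot build or run cleanly with the check on everywhere, clang's stock escape hatches are `__attribute__((no_sanitize("cfi")))` on a function and a `-fsanitize-ignorelist=` file for whole source files or symbol patterns; each use widens the unprotected surface, which is why the papers above treat exclusions as a cost to be minimised rather than a free fix (which of these mechanisms the studies used is not stated on this page).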

Keywords
control flow integrity, software security, static analysis, program analysis, mitigations, memory corruption
National subject category
Security, Privacy and Cryptology
Research subject
computer science
Identifiers
urn:nbn:se:umu:diva-248697 (URN), 10.48550/arXiv.2512.22701 (DOI)
Available from: 2026-01-19 Created: 2026-01-19 Last updated: 2026-01-20 Bibliographically approved

Open Access in DiVA

spikblad (public defence notice), 241 kB, 32 downloads
File information
File name: SPIKBLAD01.pdf. File size: 241 kB. Checksum SHA-512:
22d21bc5373ffd3358124aea326e43a2755358c42110c56ec74a4aaf0a7a993676752b1a0f9180c828eb7e8b89e61c9be68a7d034018ccb7676c5a6159ffeed1
Type: spikblad. MIME type: application/pdf
fulltext, 1006 kB, 62 downloads
File information
File name: FULLTEXT03.pdf. File size: 1006 kB. Checksum SHA-512:
5709b24aeef15b329c3031890e5721147082dda00ff5dc4faad09f76bc7443a7544cb86503c4cc18923becf6a751c414a85778ce36f9faf6dc128dd03e1fcb02
Type: fulltext. MIME type: application/pdf

Author

Houy, Sabine
