Control-Flow Bending - On the Effectiveness of Control-Flow Integrity

Explore a conference talk from USENIX Security '15 that examines the effectiveness of Control-Flow Integrity (CFI) as a defense against control-flow hijacking attacks. Delve into the research conducted by experts from the University of California, Berkeley, ETH Zürich, and Purdue University as they challenge common evaluation metrics and reveal limitations in fully-precise static CFI security. Learn about Control-Flow Bending (CFB), a generalization of non-control-data attacks, and its implications for achieving Turing-complete computation using standard library calls. Analyze the evaluation results of CFI on six real binaries and understand why CFI may not be a reliable defense against memory corruption vulnerabilities. Additionally, examine the role of shadow stacks in combination with CFI and their impact on enhancing security measures.

Intro
Background
Control-Flow Integrity
Shadow Stacks
Prior Work: Weak CFI is broken
Return to Libc: Challenges
Dispatcher Functions
Evaluation (part 1)
Evaluation (part 2)
Printf-Oriented Programming
Conclusion
Questions?