Fully Context-Sensitive CFI for COTS Binaries

INFORMATION SECURITY AND PRIVACY, ACISP 2017, PT II(2017)

Abstract
Control-Flow Integrity (CFI) is a popular defense against control-flow hijacking attacks. For Commercial Off-the-Shelf (COTS) binaries, in order to reduce the runtime overhead, traditional works provide coarse-grained CFI and are thus context-insensitive. Because their control-flow graphs (CFGs) are inaccurate, they can hardly defend against elaborately designed attacks. We present a fully context-sensitive CFI method (FCCFI), which determines the validity of the control flow of the current execution path by checking the whole execution path instead of a single edge or a subset of the edges in the execution path. FCCFI gathers the control-flow information in an offline phase and tracks the execution paths at runtime to gather the process-tracking information. It then compares the control-flow information with the process-tracking information to check the validity of the control flow. We implement the system and evaluate the security of the implementation. The evaluation results show that FCCFI can defend against most common control-flow hijacking attacks.
Keywords
Control-Flow Integrity,Context-sensitive CFI,Emulation execution