PathArmor is the first practical Context-sensitive Control-Flow Integrity (CFI) platform. Related work demonstrates that prior CFI implementations, which track control transfers individually, still leave sufficient leeway for powerful ROP attacks. Context-sensitive CFI improves security by validating control transfers to sensitive program states within the context of preceding edges, greatly reducing the number of exploitable program paths available to an attacker.
PathArmor is available open-source at https://github.com/vusec/patharmor.
git clone https://github.com/vusec/patharmor
This work was supported by the European Commission through project H2020 ICT-32-2014 “SHARCS” under Grant Agreement No. 644571, by the European Research Council through project ERC-2010-StG 259108 “Rosetta”, and by the Netherlands Organisation for Scientific Research through grants NWO 639.023.309 VICI “Dowsing” and NWO CSI-DHS 628.001.021. The public artifacts reflect only the authors’ view. The funding agencies are not responsible for any use that may be made of the information they contain.