Eternal War in Software Security: A Survey of Control Flow Protection

摘要

Software security is the cornerstone of computer system security. Among all the elements consisting of software security, control flow protection is undoubtedly the most important one. Once the process's control flow is hijacked, attacker can manipulate it to implement a variety of malicious acts and break through other protection mechanisms which ultimately lead to the control of the entire system. This paper will present a series of offensive and defensive technologies about Control Flow Protection which have been developed in the past three decades. The paper will elaborate the causes of their emergence, explain the principle of their implement, and compare the security and performance of their method. Additionally, it will introduce some other technologies applied in the progress of attack and mitigation, such as program analysis, virtual memory management, machine learning and so on. Through those above illustration and analysis, the paper summarizes three primary suggestions which not only can enlighten security engineers on the design of new methods, but also can help general developers to estimate their software's robustness, practicability and performance.