MID-007: Control Flow Manipulation Protections
Mitigation Tier: Intermediate
Description
Control Flow Integrity (CFI) mechanisms ensure that the runtime flow of the program does not deviate from the developer’s intended control flow. In the presence of CFI, threat actors have a more difficult time changing the flow of a program or violating program behaviors because the program has checks in place to ensure that the right functions are called at predictable memory locations. This can prevent against attacks that abuse valid memory spaces and existing code, such as Return Oriented Programming (ROP) seen in TID-206: Memory Management Protections Subverted, because the program code flow, and therefore sections of code such as return addresses, are guaranteed integrity and therefore cannot be manipulated.
IEC 62443 4-2 Mappings
- SAR / EDR / HDR / NDR 3.2 – Protection from malicious code
References
[1] M. Benatto. “Fighting exploits with Control-Flow Integrity (CFI) in Clang.” redhat.com. Accessed: Aug. 28, 2024. [Online.] Available: https://www.redhat.com/en/blog/fighting-exploits-control-flow-integrity-cfi-clang
[2] Android. “Control flow integrity.” android.com. Accessed: Aug. 28, 2024. [Online.] Available: https://source.android.com/docs/security/test/cfi
[3] R. Walls, N. Brown, T. Le Baron, C. Chue, H. Okharvi, B. Ward. “Control-Flow Integrity for Real-Time Embedded Systems.” mit.edu. Accessed: Aug. 28, 2024. [Online.] Available: https://web.mit.edu/ha22286/www/papers/ECRTS19.pdf
[4] I. Anati and O. Simhon. “Control Flow Enforcement Technology.” intel.com. Accessed: Aug. 28, 2024. [Online.] Available: https://www.intel.com/content/dam/develop/external/us/en/documents/catc17-introduction-intel-cet-844137.pdf
[5] National Security Agency. “Software Memory Safety.” defense.gov. Accessed: Aug. 28, 2024. [Online.] Available: https://media.defense.gov/2022/Nov/10/2003112742/-1/-1/0/CSI_SOFTWARE_MEMORY_SAFETY.PDF
[6] Apple. “Improving control flow integrity with pointer authentication.” apple.com. Accessed: Aug. 28, 2024. [Online.] Available: https://developer.apple.com/documentation/browserenginekit/improving-control-flow-integrity-with-pointer-authentication
[7] Microsoft. “Control Flow Guard for platform security.” microsoft.com. Accessed: Aug. 28, 2024. [Online.] Available: https://learn.microsoft.com/en-us/windows/win32/secbp/control-flow-guard
[8] ARM. “Overview of Control Flow Integrity.” arm.com. Accessed: Aug. 28, 2024. [Online.] Available: https://developer.arm.com/documentation/100748/0619/Security-features-supported-in-Arm-Compiler-for-Embedded/Overview-of-Control-Flow-Integrity