{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,18]],"date-time":"2026-05-18T22:41:25Z","timestamp":1779144085779,"version":"3.51.4"},"reference-count":87,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2017,4,4]],"date-time":"2017-04-04T00:00:00Z","timestamp":1491264000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000185","name":"Defense Advanced Research Projects Agency","doi-asserted-by":"crossref","award":["FA8750-15-C-0124, FA8750-15-C-0085 and FA8750-10-C-0237"],"award-info":[{"award-number":["FA8750-15-C-0124, FA8750-15-C-0085 and FA8750-10-C-0237"]}],"id":[{"id":"10.13039\/100000185","id-type":"DOI","asserted-by":"crossref"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-1464155, CNS-1513783, CNS-1657711, CNS-1513837, CNS-1619211, and IIP-1520552"],"award-info":[{"award-number":["CNS-1464155, CNS-1513783, CNS-1657711, CNS-1513837, CNS-1619211, and IIP-1520552"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]},{"name":"COMET K1 of the Austrian Research Promotion Agency"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Comput. Surv."],"published-print":{"date-parts":[[2018,1,31]]},"abstract":"Memory corruption errors in C\/C++ programs remain the most common source of security vulnerabilities in today\u2019s systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the intended control flow. Researchers have spent more than a decade studying and refining defenses based on Control-Flow Integrity (CFI); this technique is now integrated into several production compilers. However, so far, no study has systematically compared the various proposed CFI mechanisms nor is there any protocol on how to compare such mechanisms. We compare a broad range of CFI mechanisms using a unified nomenclature based on (i) a qualitative discussion of the conceptual security guarantees, (ii) a quantitative security evaluation, and (iii) an empirical evaluation of their performance in the same test environment. For each mechanism, we evaluate (i) protected types of control-flow transfers and (ii) precision of the protection for forward and backward edges. For open-source, compiler-based implementations, we also evaluate (iii) generated equivalence classes and target sets and (iv) runtime performance.<\/jats:p>","DOI":"10.1145\/3054924","type":"journal-article","created":{"date-parts":[[2017,4,5]],"date-time":"2017-04-05T12:46:38Z","timestamp":1491396398000},"page":"1-33","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":181,"title":["Control-Flow Integrity"],"prefix":"10.1145","volume":"50","author":[{"given":"Nathan","family":"Burow","sequence":"first","affiliation":[{"name":"Purdue University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Scott A.","family":"Carr","sequence":"additional","affiliation":[{"name":"Purdue University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Joseph","family":"Nash","sequence":"additional","affiliation":[{"name":"University of California, Irvine"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Per","family":"Larsen","sequence":"additional","affiliation":[{"name":"University of California, Irvine"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michael","family":"Franz","sequence":"additional","affiliation":[{"name":"University of California, Irvine"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefan","family":"Brunthaler","sequence":"additional","affiliation":[{"name":"Paderborn University 8 SBA Research"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5054-7547","authenticated-orcid":false,"given":"Mathias","family":"Payer","sequence":"additional","affiliation":[{"name":"Purdue University"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2017,4,4]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1145\/1102120.1102165"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1007\/11576280_9"},{"key":"e_1_2_1_3_1","volume-title":"Annual Design Automation Conference (DAC\u201915)","author":"Arias Orlando","year":"2015","unstructured":"Orlando Arias , Lucas Davi , Matthias Hanreich , Yier Jin , Patrick Koeberl , Debayan Paul , Ahmad-Reza Sadeghi , and Dean Sullivan . 2015 . HAFIX: Hardware-assisted flow integrity extension . In Annual Design Automation Conference (DAC\u201915) . Orlando Arias, Lucas Davi, Matthias Hanreich, Yier Jin, Patrick Koeberl, Debayan Paul, Ahmad-Reza Sadeghi, and Dean Sullivan. 2015. HAFIX: Hardware-assisted flow integrity extension. In Annual Design Automation Conference (DAC\u201915)."},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/857076.857077"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/236338.236371"},{"key":"e_1_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.1145\/362248.362270"},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/2076732.2076783"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23421"},{"key":"e_1_2_1_9_1","volume-title":"24th USENIX Security Symposium, USENIX Security 15","author":"Carlini Nicholas","year":"2015","unstructured":"Nicholas Carlini , Antonio Barresi , Mathias Payer , David Wagner , and Thomas R. Gross . 2015. Control-flow bending: On the effectiveness of control-flow integrity . In 24th USENIX Security Symposium, USENIX Security 15 . Washington, D.C. , August 12-14, 2015 . Nicholas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross. 2015. Control-flow bending: On the effectiveness of control-flow integrity. In 24th USENIX Security Symposium, USENIX Security 15. Washington, D.C., August 12-14, 2015."},{"key":"e_1_2_1_10_1","volume-title":"USENIX Security Symposium.","author":"Carlini Nicholas","year":"2014","unstructured":"Nicholas Carlini and David Wagner . 2014 . ROP is still dangerous: Breaking modern defenses . In USENIX Security Symposium. Nicholas Carlini and David Wagner. 2014. ROP is still dangerous: Breaking modern defenses. In USENIX Security Symposium."},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1866307.1866370"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23156"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2857705.2857722"},{"key":"e_1_2_1_14_1","volume-title":"LLVM\u2014Control Flow Integrity. (2015). Retrieved","author":"Collingbourne Peter","year":"2017","unstructured":"Peter Collingbourne . 2015. LLVM\u2014Control Flow Integrity. (2015). Retrieved March 1, 2017 from http:\/\/clang.llvm.org\/docs\/ControlFlowIntegrity.html. Peter Collingbourne. 2015. LLVM\u2014Control Flow Integrity. (2015). Retrieved March 1, 2017 from http:\/\/clang.llvm.org\/docs\/ControlFlowIntegrity.html."},{"key":"e_1_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813671"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.26"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.26"},{"key":"e_1_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1145\/2714576.2714635"},{"key":"e_1_2_1_19_1","volume-title":"Symposium on Network and Distributed System Security (NDSS\u201912)","author":"Davi Lucas","year":"2012","unstructured":"Lucas Davi , Alexandra Dmitrienko , Manuel Egele , Thomas Fischer , Thorsten Holz , Ralf Hund , Stefan N\u00fcrnberger , and Ahmad-Reza Sadeghi . 2012 . MoCFI: A framework to mitigate control-flow attacks on smartphones . In Symposium on Network and Distributed System Security (NDSS\u201912) . Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan N\u00fcrnberger, and Ahmad-Reza Sadeghi. 2012. MoCFI: A framework to mitigate control-flow attacks on smartphones. In Symposium on Network and Distributed System Security (NDSS\u201912)."},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/2593069.2596656"},{"key":"e_1_2_1_21_1","volume-title":"USENIX Security Symposium.","author":"Davi Lucas","year":"2014","unstructured":"Lucas Davi , Daniel Lehmann , Ahmad-Reza Sadeghi , and Fabian Monrose . 2014 b. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection . In USENIX Security Symposium. Lucas Davi, Daniel Lehmann, Ahmad-Reza Sadeghi, and Fabian Monrose. 2014b. Stitching the gadgets: On the ineffectiveness of coarse-grained control-flow integrity protection. In USENIX Security Symposium."},{"key":"e_1_2_1_22_1","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-49538-X_5"},{"key":"e_1_2_1_23_1","volume-title":"van Campenhout","author":"Debaere Eddy H.","year":"1990","unstructured":"Eddy H. Debaere and Jan M . van Campenhout . 1990 . Interpretation and Instruction Path Coprocessing. MIT Press , Cambridge, MA. Eddy H. Debaere and Jan M. van Campenhout. 1990. Interpretation and Instruction Path Coprocessing. MIT Press, Cambridge, MA."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.53"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813646"},{"key":"e_1_2_1_26_1","volume-title":"Exploiting Adobe Flash Player in the era of Control Flow Guard. BlackHat EU\u201915. Retrieved","author":"Falcon Francisco","year":"2017","unstructured":"Francisco Falcon . 2015. Exploiting Adobe Flash Player in the era of Control Flow Guard. BlackHat EU\u201915. Retrieved March 1, 2017 from https:\/\/www.blackhat.com\/docs\/eu-15\/materials\/eu-15-Falcon-Exploiting-Adobe-Flash-Player-In-The-Era-Of-Control-Flow-Guard.pdf. Francisco Falcon. 2015. Exploiting Adobe Flash Player in the era of Control Flow Guard. BlackHat EU\u201915. Retrieved March 1, 2017 from https:\/\/www.blackhat.com\/docs\/eu-15\/materials\/eu-15-Falcon-Exploiting-Adobe-Flash-Player-In-The-Era-Of-Control-Flow-Guard.pdf."},{"key":"e_1_2_1_27_1","volume-title":"ROPGuard: Runtime Prevention of Return-Oriented Programming Attacks. Retrieved","author":"Fratric Ivan","year":"2017","unstructured":"Ivan Fratric . 2012. ROPGuard: Runtime Prevention of Return-Oriented Programming Attacks. Retrieved March 1, 2017 from http:\/\/www.ieee.hr\/_download\/repository\/Ivan_Fratric.pdf. (2012). Ivan Fratric. 2012. ROPGuard: Runtime Prevention of Return-Oriented Programming Attacks. Retrieved March 1, 2017 from http:\/\/www.ieee.hr\/_download\/repository\/Ivan_Fratric.pdf. (2012)."},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/EuroSP.2016.24"},{"key":"e_1_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.43"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/506315.506316"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/1181775.1181785"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1145\/1250734.1250767"},{"key":"e_1_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2011.5764696"},{"key":"e_1_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1145\/379605.379665"},{"key":"e_1_2_1_35_1","doi-asserted-by":"publisher","DOI":"10.1145\/347636.348916"},{"key":"e_1_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/178243.178478"},{"key":"e_1_2_1_37_1","unstructured":"Intel Inc. 2013. Intel 64 and IA-32 Architectures. Software Developer\u2019s Manual. Intel Inc. 2013. Intel 64 and IA-32 Architectures. Software Developer\u2019s Manual."},{"key":"e_1_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2014.23287"},{"key":"e_1_2_1_39_1","volume-title":"Secure Execution Environment via Program Shepherding. Master\u2019s thesis","author":"Kiriansky Vladimir","unstructured":"Vladimir Kiriansky . 2013. Secure Execution Environment via Program Shepherding. Master\u2019s thesis . Massachusetts Institute of Technology , Cambridge, MA . Vladimir Kiriansky. 2013. Secure Execution Environment via Program Shepherding. Master\u2019s thesis. Massachusetts Institute of Technology, Cambridge, MA."},{"key":"e_1_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.5555\/647253.720293"},{"key":"e_1_2_1_41_1","doi-asserted-by":"publisher","DOI":"10.1109\/MC.1982.1653970"},{"key":"e_1_2_1_42_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.25"},{"key":"e_1_2_1_43_1","doi-asserted-by":"crossref","unstructured":"O. Lhot\u00e1k and Laurie Hendren. 2006. Context-sensitive points-to analysis: Is it worth it? Compiler Construction 47--64. O. Lhot\u00e1k and Laurie Hendren. 2006. Context-sensitive points-to analysis: Is it worth it? Compiler Construction 47--64.","DOI":"10.1007\/11688839_5"},{"key":"e_1_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813676"},{"key":"e_1_2_1_45_1","volume-title":"SELinux: NSA\u2019s Open Source Security Enhanced Linux. O\u2019Reilly Media","author":"McCarty Bill","unstructured":"Bill McCarty . 2004. SELinux: NSA\u2019s Open Source Security Enhanced Linux. O\u2019Reilly Media , Inc., Sebastopol, CA. Bill McCarty. 2004. SELinux: NSA\u2019s Open Source Security Enhanced Linux. O\u2019Reilly Media, Inc., Sebastopol, CA."},{"key":"e_1_2_1_46_1","volume-title":"Data Execution Prevention (DEP). Retrieved","year":"2017","unstructured":"Microsoft. 2006. Data Execution Prevention (DEP). Retrieved March 1, 2017 from http:\/\/support.microsoft.com\/kb\/875352\/EN-US\/. Microsoft. 2006. Data Execution Prevention (DEP). Retrieved March 1, 2017 from http:\/\/support.microsoft.com\/kb\/875352\/EN-US\/."},{"key":"e_1_2_1_47_1","volume-title":"Visual Studio 2015\u2014Compiler Options\u2014Enable Control Flow Guard. Retrieved","year":"2017","unstructured":"Microsoft. 2015a. Visual Studio 2015\u2014Compiler Options\u2014Enable Control Flow Guard. Retrieved March 1, 2017 from https:\/\/msdn.microsoft.com\/en-us\/library\/dn919635.aspx. Microsoft. 2015a. Visual Studio 2015\u2014Compiler Options\u2014Enable Control Flow Guard. Retrieved March 1, 2017 from https:\/\/msdn.microsoft.com\/en-us\/library\/dn919635.aspx."},{"key":"e_1_2_1_48_1","volume-title":"SetProcessValidCallTargets function. Retrieved","year":"2017","unstructured":"Microsoft. 2015b. SetProcessValidCallTargets function. Retrieved March 1, 2017 from https:\/\/msdn.microsoft.com\/en-us\/enus\/library\/windows\/desktop\/dn934202(v=vs.85).aspx. (2015). Microsoft. 2015b. SetProcessValidCallTargets function. Retrieved March 1, 2017 from https:\/\/msdn.microsoft.com\/en-us\/enus\/library\/windows\/desktop\/dn934202(v=vs.85).aspx. (2015)."},{"key":"e_1_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/566171.566174"},{"key":"e_1_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/379605.379671"},{"key":"e_1_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2015.23271"},{"key":"e_1_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1145\/1542476.1542504"},{"key":"e_1_2_1_53_1","doi-asserted-by":"publisher","DOI":"10.1145\/1806651.1806657"},{"key":"e_1_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-662-03811-6"},{"key":"e_1_2_1_55_1","volume-title":"Principles of Program Analysis","author":"Nielson Flemming","unstructured":"Flemming Nielson , Hanne R. Nielson , and Chris Hankin . 2009. Principles of Program Analysis . Springer , New York, NY . Flemming Nielson, Hanne R. Nielson, and Chris Hankin. 2009. Principles of Program Analysis. Springer, New York, NY."},{"key":"e_1_2_1_56_1","doi-asserted-by":"publisher","DOI":"10.1145\/2666356.2594295"},{"key":"e_1_2_1_57_1","doi-asserted-by":"publisher","DOI":"10.1145\/2660267.2660281"},{"key":"e_1_2_1_58_1","volume-title":"MCFI readme. Retrieved","author":"Niu Ben","year":"2017","unstructured":"Ben Niu and Gang Tan . 2015a. MCFI readme. Retrieved March 1, 2017 from https:\/\/github.com\/mcfi\/MCFI\/blob\/master\/README.md. Ben Niu and Gang Tan. 2015a. MCFI readme. Retrieved March 1, 2017 from https:\/\/github.com\/mcfi\/MCFI\/blob\/master\/README.md."},{"key":"e_1_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/2810103.2813644"},{"key":"e_1_2_1_60_1","volume-title":"USENIX Security Symposium.","author":"Pappas Vasilis","unstructured":"Vasilis Pappas , Michalis Polychronakis , and Angelos D. Keromytis . 2013. Transparent ROP exploit mitigation using indirect branch tracing . In USENIX Security Symposium. Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. 2013. Transparent ROP exploit mitigation using indirect branch tracing. In USENIX Security Symposium."},{"key":"e_1_2_1_61_1","volume-title":"Intel releases new technology specifications to protect against ROP attacks. Retrieved","author":"Patel Baiju","year":"2017","unstructured":"Baiju Patel . 2016. Intel releases new technology specifications to protect against ROP attacks. Retrieved March 1, 2017 from http:\/\/blogs.intel.com\/evangelists\/2016\/06\/09\/intel-release-new-technology-specifications-protect-rop-attacks\/. Baiju Patel. 2016. Intel releases new technology specifications to protect against ROP attacks. Retrieved March 1, 2017 from http:\/\/blogs.intel.com\/evangelists\/2016\/06\/09\/intel-release-new-technology-specifications-protect-rop-attacks\/."},{"key":"e_1_2_1_62_1","unstructured":"PaX-Team. 2003a. PaX ASLR (Address Space Layout Randomization). Retrieved March 1 2017 from http:\/\/pax.grsecurity.net\/docs\/aslr.txt. PaX-Team. 2003a. PaX ASLR (Address Space Layout Randomization). Retrieved March 1 2017 from http:\/\/pax.grsecurity.net\/docs\/aslr.txt."},{"key":"e_1_2_1_63_1","volume-title":"PaX Future. Retrieved","year":"2017","unstructured":"PaX-Team. 2003b. PaX Future. Retrieved March 1, 2017 from https:\/\/pax.grsecurity.net\/docs\/pax-future.txt. PaX-Team. 2003b. PaX Future. Retrieved March 1, 2017 from https:\/\/pax.grsecurity.net\/docs\/pax-future.txt."},{"key":"e_1_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-20550-2_8"},{"key":"e_1_2_1_65_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523674"},{"key":"e_1_2_1_66_1","doi-asserted-by":"publisher","DOI":"10.1145\/2133375.2133377"},{"key":"e_1_2_1_67_1","doi-asserted-by":"publisher","DOI":"10.1109\/CGO.2015.7054191"},{"key":"e_1_2_1_68_1","doi-asserted-by":"publisher","DOI":"10.1145\/996821.996829"},{"key":"e_1_2_1_69_1","doi-asserted-by":"publisher","DOI":"10.1109\/JSAC.2002.806121"},{"key":"e_1_2_1_70_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2015.51"},{"key":"e_1_2_1_71_1","doi-asserted-by":"crossref","unstructured":"Hovav Shacham. 2007. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In CCS\u201907. Hovav Shacham. 2007. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86). In CCS\u201907.","DOI":"10.1145\/1315245.1315313"},{"key":"e_1_2_1_72_1","volume-title":"Two approaches to interprocedural data flow analysis","author":"Sharir Micha","unstructured":"Micha Sharir and Amir Pnueli . 1981. Two approaches to interprocedural data flow analysis . In Program Flow Analysis, Steven S. Muchnick and Neil D. Jones (Eds.). Prentice Hall , Upper Saddle River, NJ. Micha Sharir and Amir Pnueli. 1981. Two approaches to interprocedural data flow analysis. In Program Flow Analysis, Steven S. Muchnick and Neil D. Jones (Eds.). Prentice Hall, Upper Saddle River, NJ."},{"key":"e_1_2_1_73_1","doi-asserted-by":"publisher","DOI":"10.1561\/2500000014"},{"key":"e_1_2_1_74_1","doi-asserted-by":"publisher","DOI":"10.1145\/1925844.1926390"},{"key":"e_1_2_1_75_1","doi-asserted-by":"publisher","DOI":"10.1145\/2897937.2898098"},{"key":"e_1_2_1_76_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2013.13"},{"key":"e_1_2_1_77_1","volume-title":"USENIX Security Symposium.","author":"Tice Caroline","year":"2014","unstructured":"Caroline Tice , Tom Roeder , Peter Collingbourne , Stephen Checkoway , \u00dalfar Erlingsson , Luis Lozano , and Geoff Pike . 2014 . Enforcing forward-edge control-flow integrity in GCC 8 LLVM . In USENIX Security Symposium. Caroline Tice, Tom Roeder, Peter Collingbourne, Stephen Checkoway, \u00dalfar Erlingsson, Luis Lozano, and Geoff Pike. 2014. Enforcing forward-edge control-flow integrity in GCC 8 LLVM. In USENIX Security Symposium."},{"key":"e_1_2_1_78_1","doi-asserted-by":"publisher","DOI":"10.1145\/354222.353190"},{"key":"e_1_2_1_79_1","unstructured":"Arjan van de Ven and Ingo Molnar. 2004. Exec Shield. Retrieved March 1 2017 from https:\/\/www.redhat.com\/f\/pdf\/rhel\/WHP0006US_Execshield.pdf. (2004). Arjan van de Ven and Ingo Molnar. 2004. Exec Shield. Retrieved March 1 2017 from https:\/\/www.redhat.com\/f\/pdf\/rhel\/WHP0006US_Execshield.pdf. (2004)."},{"key":"e_1_2_1_80_1","volume-title":"ACM Conference on Computer and Communications Security (CCS\u201915)","author":"van der Veen Victor","year":"2015","unstructured":"Victor van der Veen , Dennis Andriesse , Enes G\u00f6kta\u015f , Ben Gras , Lionel Sambuc , Asia Slowinska , Herbert Bos , and Cristiano Giuffrida . 2015 . PathArmor: Practical ROP protection using context-sensitive CFI . In ACM Conference on Computer and Communications Security (CCS\u201915) . Victor van der Veen, Dennis Andriesse, Enes G\u00f6kta\u015f, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, and Cristiano Giuffrida. 2015. PathArmor: Practical ROP protection using context-sensitive CFI. In ACM Conference on Computer and Communications Security (CCS\u201915)."},{"key":"e_1_2_1_81_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2010.30"},{"key":"e_1_2_1_82_1","volume-title":"Windows 10 Mitigation Improvements. BlackHat\u201916. Retrieved","author":"Weston David","year":"2017","unstructured":"David Weston and Matt Miller . 2016. Windows 10 Mitigation Improvements. BlackHat\u201916. Retrieved March 1, 2017 from https:\/\/www.blackhat.com\/docs\/us-16\/materials\/us-16-Weston-Windows-10-Mitigation-Improvements.pdf. David Weston and Matt Miller. 2016. Windows 10 Mitigation Improvements. BlackHat\u201916. Retrieved March 1, 2017 from https:\/\/www.blackhat.com\/docs\/us-16\/materials\/us-16-Weston-Windows-10-Mitigation-Improvements.pdf."},{"key":"e_1_2_1_83_1","volume-title":"IEEE\/IFIP Conference on Dependable Systems and Networks (DSN\u201912)","author":"Xia Yubin","year":"2012","unstructured":"Yubin Xia , Yutao Liu , Haibo Chen , and Binyu Zang . 2012 . CFIMon: Detecting violation of control flow integrity using performance counters . In IEEE\/IFIP Conference on Dependable Systems and Networks (DSN\u201912) . Yubin Xia, Yutao Liu, Haibo Chen, and Binyu Zang. 2012. CFIMon: Detecting violation of control flow integrity using performance counters. In IEEE\/IFIP Conference on Dependable Systems and Networks (DSN\u201912)."},{"key":"e_1_2_1_84_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-26362-5_4"},{"key":"e_1_2_1_85_1","volume-title":"Symposium on Network and Distributed System Security (NDSS\u201915)","author":"Zhang Chao","year":"2015","unstructured":"Chao Zhang , Chengyu Song , Kevin Zhijie Chen , Zhaofeng Chen , and Dawn Song . 2015 . VTint: Defending virtual function tables\u2019 integrity . In Symposium on Network and Distributed System Security (NDSS\u201915) . Chao Zhang, Chengyu Song, Kevin Zhijie Chen, Zhaofeng Chen, and Dawn Song. 2015. VTint: Defending virtual function tables\u2019 integrity. In Symposium on Network and Distributed System Security (NDSS\u201915)."},{"key":"e_1_2_1_86_1","volume-title":"IEEE Symposium on Security and Privacy (S8P\u201913)","author":"Zhang Chao","year":"2013","unstructured":"Chao Zhang , Tao Wei , Zhaofeng Chen , Lei Duan , Laszlo Szekeres , Stephen McCamant , Dawn Song , and Wei Zou . 2013 . Practical control flow integrity 8 randomization for binary executables . In IEEE Symposium on Security and Privacy (S8P\u201913) . Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Laszlo Szekeres, Stephen McCamant, Dawn Song, and Wei Zou. 2013. Practical control flow integrity 8 randomization for binary executables. In IEEE Symposium on Security and Privacy (S8P\u201913)."},{"key":"e_1_2_1_87_1","volume-title":"USENIX Security Symposium.","author":"Zhang Mingwei","unstructured":"Mingwei Zhang and R. Sekar . 2013. Control flow integrity for COTS binaries . In USENIX Security Symposium. Mingwei Zhang and R. Sekar. 2013. Control flow integrity for COTS binaries. In USENIX Security Symposium."}],"container-title":["ACM Computing Surveys"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3054924","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3054924","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3054924","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T03:36:43Z","timestamp":1750217803000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3054924"}},"subtitle":["Precision, Security, and Performance"],"short-title":[],"issued":{"date-parts":[[2017,4,4]]},"references-count":87,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2018,1,31]]}},"alternative-id":["10.1145\/3054924"],"URL":"https:\/\/doi.org\/10.1145\/3054924","relation":{},"ISSN":["0360-0300","1557-7341"],"issn-type":[{"value":"0360-0300","type":"print"},{"value":"1557-7341","type":"electronic"}],"subject":[],"published":{"date-parts":[[2017,4,4]]},"assertion":[{"value":"2016-04-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-01-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2017-04-04","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}