MoCFI: A Framework to Mitigate Control-Flow Attacks on Smartphones

Author(s): Lucas Davi, Alexandra Dmitrienko, Manuel Egele, Thomas Fischer, Thorsten Holz, Ralf Hund, Stefan Nürnberger and Ahmad-Reza Sadeghi

Download: Paper (PDF)

Date: 7 Feb 2012

Document Type: Briefing Papers

Associated Event: NDSS Symposium 2012

Abstract:

Control-flow attacks constitute severe threats to software programs on various computing platforms. While control-flow integrity (CFI), a general approach to prohibit these attacks, exist for Intel x86, there is no such a solution for smartphones. We present a novel framework, MoCFI (Mobile CFI) that enforces CFI on-the-fly at runtime on smartphones without requiring source code.