{"id":"https://openalex.org/W2258876169","doi":"https://doi.org/10.1145/3054924","title":"Control-Flow Integrity","display_name":"Control-Flow Integrity","publication_year":2017,"publication_date":"2017-04-04","ids":{"openalex":"https://openalex.org/W2258876169","doi":"https://doi.org/10.1145/3054924","mag":"2258876169"},"language":"en","primary_location":{"id":"doi:10.1145/3054924","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3054924","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3054924","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"bronze","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3054924","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5061277591","display_name":"Nathan Burow","orcid":"https://orcid.org/0000-0002-3531-2261"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Nathan Burow","raw_affiliation_strings":["Purdue University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063568559","display_name":"Scott Carr","orcid":null},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Scott A. Carr","raw_affiliation_strings":["Purdue University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Purdue University","institution_ids":["https://openalex.org/I219193219"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5054773888","display_name":"Joseph Nash","orcid":null},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Joseph Nash","raw_affiliation_strings":["University of California, Irvine"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of California, Irvine","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029451644","display_name":"Per Larsen","orcid":"https://orcid.org/0009-0000-2928-4121"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Per Larsen","raw_affiliation_strings":["University of California, Irvine"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of California, Irvine","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5103069673","display_name":"Michael Franz","orcid":"https://orcid.org/0000-0001-5911-2275"},"institutions":[{"id":"https://openalex.org/I204250578","display_name":"University of California, Irvine","ror":"https://ror.org/04gyf1771","country_code":"US","type":"education","lineage":["https://openalex.org/I204250578"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Michael Franz","raw_affiliation_strings":["University of California, Irvine"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of California, Irvine","institution_ids":["https://openalex.org/I204250578"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058365944","display_name":"Stefan Brunthaler","orcid":"https://orcid.org/0000-0001-9766-4871"},"institutions":[{"id":"https://openalex.org/I206945453","display_name":"Paderborn University","ror":"https://ror.org/058kzsd48","country_code":"DE","type":"education","lineage":["https://openalex.org/I206945453"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Stefan Brunthaler","raw_affiliation_strings":["Paderborn University 8 SBA Research"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Paderborn University 8 SBA Research","institution_ids":["https://openalex.org/I206945453"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5065116578","display_name":"Mathias Payer","orcid":"https://orcid.org/0000-0001-5054-7547"},"institutions":[{"id":"https://openalex.org/I219193219","display_name":"Purdue University West Lafayette","ror":"https://ror.org/02dqehb95","country_code":"US","type":"education","lineage":["https://openalex.org/I219193219"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mathias Payer","raw_affiliation_strings":["Purdue University"],"raw_orcid":"https://orcid.org/0000-0001-5054-7547","affiliations":[{"raw_affiliation_string":"Purdue University","institution_ids":["https://openalex.org/I219193219"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5061277591"],"corresponding_institution_ids":["https://openalex.org/I219193219"],"apc_list":null,"apc_paid":null,"fwci":23.5151,"has_fulltext":true,"cited_by_count":249,"citation_normalized_percentile":{"value":0.99548304,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":"50","issue":"1","first_page":"1","last_page":"33"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9998999834060669,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9926999807357788,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9402999877929688,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.90278559923172},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.7413897514343262},{"id":"https://openalex.org/keywords/compiler","display_name":"Compiler","score":0.7157145738601685},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.6956546902656555},{"id":"https://openalex.org/keywords/implementation","display_name":"Implementation","score":0.5641263723373413},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.49413803219795227},{"id":"https://openalex.org/keywords/static-analysis","display_name":"Static analysis","score":0.4196040630340576},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.3561708927154541}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.90278559923172},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.7413897514343262},{"id":"https://openalex.org/C169590947","wikidata":"https://www.wikidata.org/wiki/Q47506","display_name":"Compiler","level":2,"score":0.7157145738601685},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.6956546902656555},{"id":"https://openalex.org/C26713055","wikidata":"https://www.wikidata.org/wiki/Q245962","display_name":"Implementation","level":2,"score":0.5641263723373413},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.49413803219795227},{"id":"https://openalex.org/C97686452","wikidata":"https://www.wikidata.org/wiki/Q7604153","display_name":"Static analysis","level":2,"score":0.4196040630340576},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.3561708927154541}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3054924","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3054924","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3054924","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1145/3054924","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3054924","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3054924","source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","score":0.8100000023841858,"id":"https://metadata.un.org/sdg/16"}],"awards":[{"id":"https://openalex.org/G1880669887","display_name":"TWC: TTP Option: Medium: Collaborative: ENCORE - ENhanced program protection through COmpiler-REwriter cooperation","funder_award_id":"1513837","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G3139507657","display_name":null,"funder_award_id":"FA8750-15-C-0124, FA8750-15-C-0085","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G3895765067","display_name":"CRII: SaTC: Lockdown: Guarded Control-Flow and Data Privacy for Sensitive Data","funder_award_id":"1464155","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4424407468","display_name":"TWC: TTP Option: Medium: Collaborative: ENCORE - ENhanced program protection through COmpiler-REwriter cooperation","funder_award_id":"1513783","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4713059963","display_name":null,"funder_award_id":"FA8750","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G5251918964","display_name":"SBIR Phase I:  Immunizing Software Against Exploits and Malware","funder_award_id":"1520552","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5531295971","display_name":null,"funder_award_id":"FA8750-10-C-0237","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G6229702962","display_name":null,"funder_award_id":"CNS-1464155, CNS-1513783, CNS-1657711, CNS-1513837, CNS-1619211, and IIP-1520552","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G7861664170","display_name":null,"funder_award_id":"FA8750-15-C-0124, FA8750-15-C-0085 and FA8750-10-C-0237","funder_id":"https://openalex.org/F4320332180","funder_display_name":"Defense Advanced Research Projects Agency"},{"id":"https://openalex.org/G7879484459","display_name":null,"funder_award_id":"COMET K1","funder_id":"https://openalex.org/F4320323031","funder_display_name":"\u00d6sterreichische Forschungsf\u00f6rderungsgesellschaft"},{"id":"https://openalex.org/G8575633552","display_name":"TWC: Small: Hydra - Hybrid Defenses for Resilient Applications: Practical Approaches Towards Defense In Depth","funder_award_id":"1619211","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G876288804","display_name":null,"funder_award_id":"CNS-1464155","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"},{"id":"https://openalex.org/F4320323031","display_name":"\u00d6sterreichische Forschungsf\u00f6rderungsgesellschaft","ror":"https://ror.org/028jc0449"},{"id":"https://openalex.org/F4320332180","display_name":"Defense Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"},{"id":"https://openalex.org/F4320332815","display_name":"Advanced Research Projects Agency","ror":"https://ror.org/02caytj08"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2258876169.pdf","grobid_xml":"https://content.openalex.org/works/W2258876169.grobid-xml"},"referenced_works_count":78,"referenced_works":["https://openalex.org/W70478248","https://openalex.org/W148396834","https://openalex.org/W1429241971","https://openalex.org/W1477563924","https://openalex.org/W1513374759","https://openalex.org/W1533944741","https://openalex.org/W1538332098","https://openalex.org/W1553894716","https://openalex.org/W1557543533","https://openalex.org/W1590050693","https://openalex.org/W1591211019","https://openalex.org/W1631846088","https://openalex.org/W1816718056","https://openalex.org/W1823377586","https://openalex.org/W1968002620","https://openalex.org/W1969338270","https://openalex.org/W1969599528","https://openalex.org/W1979582240","https://openalex.org/W1990465482","https://openalex.org/W1993682390","https://openalex.org/W1996931407","https://openalex.org/W2000050212","https://openalex.org/W2000194923","https://openalex.org/W2001610548","https://openalex.org/W2001978806","https://openalex.org/W2004456327","https://openalex.org/W2004769014","https://openalex.org/W2015083179","https://openalex.org/W2022292029","https://openalex.org/W2024326949","https://openalex.org/W2033029512","https://openalex.org/W2042856445","https://openalex.org/W2046699259","https://openalex.org/W2051600169","https://openalex.org/W2059969702","https://openalex.org/W2072102701","https://openalex.org/W2074943483","https://openalex.org/W2080313875","https://openalex.org/W2081105932","https://openalex.org/W2086839628","https://openalex.org/W2089448621","https://openalex.org/W2093334386","https://openalex.org/W2109219878","https://openalex.org/W2117115928","https://openalex.org/W2117426803","https://openalex.org/W2117798902","https://openalex.org/W2122049982","https://openalex.org/W2122757982","https://openalex.org/W2128171167","https://openalex.org/W2132685964","https://openalex.org/W2133592286","https://openalex.org/W2134569009","https://openalex.org/W2138378640","https://openalex.org/W2141442517","https://openalex.org/W2153578567","https://openalex.org/W2155851497","https://openalex.org/W2158348506","https://openalex.org/W2159216827","https://openalex.org/W2162800072","https://openalex.org/W2171240827","https://openalex.org/W2171929398","https://openalex.org/W2295234910","https://openalex.org/W2296563811","https://openalex.org/W2339802588","https://openalex.org/W2350778671","https://openalex.org/W2368550879","https://openalex.org/W2397986719","https://openalex.org/W2406423978","https://openalex.org/W2579099470","https://openalex.org/W2913068020","https://openalex.org/W3000743918","https://openalex.org/W3009605109","https://openalex.org/W3023860284","https://openalex.org/W3147482974","https://openalex.org/W4206770190","https://openalex.org/W4237409376","https://openalex.org/W4238080077","https://openalex.org/W4365806382"],"related_works":["https://openalex.org/W17155033","https://openalex.org/W3207760230","https://openalex.org/W1496222301","https://openalex.org/W4312814274","https://openalex.org/W1590307681","https://openalex.org/W4384302888","https://openalex.org/W141487401","https://openalex.org/W2573637329","https://openalex.org/W2111825754","https://openalex.org/W2135849267"],"abstract_inverted_index":{"Memory":[0],"corruption":[1,22],"errors":[2],"in":[3,14,119],"C/C++":[4],"programs":[5],"remain":[6],"the":[7,30,67,102,120,139],"most":[8],"common":[9],"source":[10],"of":[11,88,101,116,132,138],"security":[12,104,109],"vulnerabilities":[13,23],"today\u2019s":[15],"systems.":[16],"Control-flow":[17],"hijacking":[18],"attacks":[19],"exploit":[20],"memory":[21],"to":[24,79],"divert":[25],"program":[26],"execution":[27],"away":[28],"from":[29],"intended":[31],"control":[32],"flow.":[33],"Researchers":[34],"have":[35],"spent":[36],"more":[37],"than":[38],"a":[39,85,92,98,107],"decade":[40],"studying":[41],"and":[42,111,135,143,157,160],"refining":[43],"defenses":[44],"based":[45,95],"on":[46,77,96],"Control-Flow":[47],"Integrity":[48],"(CFI);":[49],"this":[50],"technique":[51],"is":[52,73],"now":[53],"integrated":[54],"into":[55],"several":[56],"production":[57],"compilers.":[58],"However,":[59],"so":[60],"far,":[61],"no":[62],"study":[63],"has":[64],"systematically":[65],"compared":[66],"various":[68],"proposed":[69],"CFI":[70,89],"mechanisms":[71,90],"nor":[72],"there":[74],"any":[75],"protocol":[76],"how":[78],"compare":[80,84],"such":[81],"mechanisms.":[82],"We":[83],"broad":[86],"range":[87],"using":[91],"unified":[93],"nomenclature":[94],"(i)":[97,129],"qualitative":[99],"discussion":[100],"conceptual":[103],"guarantees,":[105],"(ii)":[106,136],"quantitative":[108],"evaluation,":[110],"(iii)":[112,153],"an":[113],"empirical":[114],"evaluation":[115],"their":[117],"performance":[118],"same":[121],"test":[122],"environment.":[123],"For":[124,146],"each":[125],"mechanism,":[126],"we":[127,150],"evaluate":[128,152],"protected":[130],"types":[131],"control-flow":[133],"transfers":[134],"precision":[137],"protection":[140],"for":[141],"forward":[142],"backward":[144],"edges.":[145],"open-source,":[147],"compiler-based":[148],"implementations,":[149],"also":[151],"generated":[154],"equivalence":[155],"classes":[156],"target":[158],"sets":[159],"(iv)":[161],"runtime":[162],"performance.":[163]},"counts_by_year":[{"year":2026,"cited_by_count":5},{"year":2025,"cited_by_count":16},{"year":2024,"cited_by_count":22},{"year":2023,"cited_by_count":26},{"year":2022,"cited_by_count":26},{"year":2021,"cited_by_count":34},{"year":2020,"cited_by_count":36},{"year":2019,"cited_by_count":37},{"year":2018,"cited_by_count":28},{"year":2017,"cited_by_count":12},{"year":2016,"cited_by_count":3},{"year":2014,"cited_by_count":1},{"year":2013,"cited_by_count":1},{"year":2012,"cited_by_count":1}],"updated_date":"2026-05-23T08:51:43.019350","created_date":"2025-10-10T00:00:00"}