{"id":"https://openalex.org/W4402957703","doi":"https://doi.org/10.1145/3678890.3678920","title":"Integrating Static Analyses for High-Precision Control-Flow Integrity","display_name":"Integrating Static Analyses for High-Precision Control-Flow Integrity","publication_year":2024,"publication_date":"2024-09-29","ids":{"openalex":"https://openalex.org/W4402957703","doi":"https://doi.org/10.1145/3678890.3678920"},"language":"en","primary_location":{"id":"doi:10.1145/3678890.3678920","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678920","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3678890.3678920","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5107629109","display_name":"Florian Kasten","orcid":"https://orcid.org/0009-0000-1649-3127"},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":true,"raw_author_name":"Florian Kasten","raw_affiliation_strings":["Fraunhofer AISEC, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer AISEC, Germany","institution_ids":["https://openalex.org/I4210136922"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5058138020","display_name":"Philipp Zieris","orcid":"https://orcid.org/0000-0001-9658-1572"},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Philipp Zieris","raw_affiliation_strings":["Fraunhofer AISEC, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer AISEC, Germany","institution_ids":["https://openalex.org/I4210136922"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5080222919","display_name":"Julian Horsch","orcid":"https://orcid.org/0000-0001-9018-7048"},"institutions":[{"id":"https://openalex.org/I4210136922","display_name":"Fraunhofer Institute for Applied and Integrated Security","ror":"https://ror.org/03w0bbr97","country_code":"DE","type":"facility","lineage":["https://openalex.org/I4210136922","https://openalex.org/I4923324"]}],"countries":["DE"],"is_corresponding":false,"raw_author_name":"Julian Horsch","raw_affiliation_strings":["Fraunhofer AISEC, Germany"],"affiliations":[{"raw_affiliation_string":"Fraunhofer AISEC, Germany","institution_ids":["https://openalex.org/I4210136922"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5107629109"],"corresponding_institution_ids":["https://openalex.org/I4210136922"],"apc_list":null,"apc_paid":null,"fwci":1.0848,"has_fulltext":false,"cited_by_count":3,"citation_normalized_percentile":{"value":0.81686279,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":96,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"419","last_page":"434"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9997000098228455,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10478","display_name":"Diamond and Carbon-based Materials Research","score":0.9625999927520752,"subfield":{"id":"https://openalex.org/subfields/2505","display_name":"Materials Chemistry"},"field":{"id":"https://openalex.org/fields/25","display_name":"Materials Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12007","display_name":"Plasma and Flow Control in Aerodynamics","score":0.9513999819755554,"subfield":{"id":"https://openalex.org/subfields/2202","display_name":"Aerospace Engineering"},"field":{"id":"https://openalex.org/fields/22","display_name":"Engineering"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.630010724067688},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.4811759889125824},{"id":"https://openalex.org/keywords/reliability-engineering","display_name":"Reliability engineering","score":0.36186230182647705},{"id":"https://openalex.org/keywords/engineering","display_name":"Engineering","score":0.1469327211380005},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.08395153284072876}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.630010724067688},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.4811759889125824},{"id":"https://openalex.org/C200601418","wikidata":"https://www.wikidata.org/wiki/Q2193887","display_name":"Reliability engineering","level":1,"score":0.36186230182647705},{"id":"https://openalex.org/C127413603","wikidata":"https://www.wikidata.org/wiki/Q11023","display_name":"Engineering","level":0,"score":0.1469327211380005},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.08395153284072876}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3678890.3678920","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678920","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},{"id":"pmh:oai:publica.fraunhofer.de:publica/478218","is_oa":false,"landing_page_url":"https://publica.fraunhofer.de/handle/publica/478218","pdf_url":null,"source":{"id":"https://openalex.org/S4306400318","display_name":"Fraunhofer-Publica (Fraunhofer-Gesellschaft)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4923324","host_organization_name":"Fraunhofer-Gesellschaft","host_organization_lineage":["https://openalex.org/I4923324"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"conference paper"}],"best_oa_location":{"id":"doi:10.1145/3678890.3678920","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3678890.3678920","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"The 27th International Symposium on Research in Attacks, Intrusions and Defenses","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":24,"referenced_works":["https://openalex.org/W1557543533","https://openalex.org/W1969501726","https://openalex.org/W1975514564","https://openalex.org/W1982829328","https://openalex.org/W1993682390","https://openalex.org/W1997981086","https://openalex.org/W2022292029","https://openalex.org/W2074943483","https://openalex.org/W2080313875","https://openalex.org/W2089448621","https://openalex.org/W2121579803","https://openalex.org/W2148755014","https://openalex.org/W2159059513","https://openalex.org/W2258876169","https://openalex.org/W2297774820","https://openalex.org/W2368550879","https://openalex.org/W2516933175","https://openalex.org/W2891196279","https://openalex.org/W2899759798","https://openalex.org/W2953977010","https://openalex.org/W2987375469","https://openalex.org/W3023860284","https://openalex.org/W3101740510","https://openalex.org/W4246438243"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2748952813","https://openalex.org/W2390279801","https://openalex.org/W2358668433","https://openalex.org/W4396701345","https://openalex.org/W2376932109","https://openalex.org/W2001405890","https://openalex.org/W4396696052","https://openalex.org/W2382290278","https://openalex.org/W4395014643"],"abstract_inverted_index":{"Memory":[0],"corruptions":[1],"are":[2,27,75],"still":[3],"one":[4],"of":[5,38,113,124,163,202,209],"the":[6,36,150,207],"most":[7],"prevalent":[8],"and":[9,26,106,118,127,148,166,221],"severe":[10],"security":[11],"vulnerabilities":[12,24],"in":[13,29,52,116],"today\u2019s":[14],"programs.":[15],"For":[16],"this":[17],"reason,":[18],"several":[19],"techniques":[20],"for":[21,65,90,108,131],"mitigating":[22],"software":[23],"exist":[25],"used":[28],"production":[30],"systems.":[31],"An":[32],"important":[33],"mitigation":[34],"involves":[35],"prevention":[37],"invalid":[39],"control":[40,80],"flow":[41,81],"transfers.":[42],"Attackers":[43],"often":[44,76,86],"corrupt":[45],"function":[46],"pointers":[47],"to":[48,93,155,194,219],"subvert":[49],"a":[50,53,96,104,122,144,157],"forward-edge":[51,110],"program\u2019s":[54],"call":[55],"graph.":[56],"Forward-edges":[57],"can":[58,190],"be":[59,191],"protected":[60],"using":[61,121,179],"Control-Flow":[62],"Integrity":[63],"(CFI),":[64],"which":[66],"practical":[67],"implementations":[68,74],"already":[69],"exist.":[70],"However,":[71],"current":[72],"CFI":[73,102,111,211],"imprecise,":[77],"allowing":[78],"more":[79],"transfers":[82],"than":[83,173],"necessary.":[84],"This":[85,98],"leaves":[87],"sufficient":[88],"leeway":[89],"an":[91,198],"attacker":[92],"successfully":[94],"exploit":[95],"program.":[97],"paper":[99],"presents":[100],"High-Precision":[101],"(HPCFI),":[103],"concept":[105],"implementation":[107],"precise":[109,145],"protection":[112],"indirect":[114],"calls":[115],"C":[117],"C++":[119],"programs":[120],"combination":[123,162],"type":[125,146,164],"analysis":[126,130,147,165,169],"static":[128,158,167],"data-flow":[129,159,168],"determining":[132],"valid":[133],"forward-edges.":[134],"HPCFI":[135,189],"is":[136],"implemented":[137],"as":[138,214],"LLVM":[139],"compiler":[140],"passes":[141],"that":[142,188],"perform":[143],"utilize":[149],"Static":[151],"Value-Flow":[152],"(SVF)":[153],"framework":[154],"conduct":[156],"analysis.":[160],"The":[161],"offers":[170],"higher":[171],"precision":[172,208],"conventional":[174],"heuristic-based":[175],"approaches.":[176],"Our":[177],"evaluation,":[178],"all":[180],"compatible":[181],"benchmarks":[182],"from":[183],"SPEC":[184],"CPU":[185],"2017,":[186],"demonstrates":[187],"effectively":[192],"applied":[193],"large":[195],"projects":[196],"with":[197],"average":[199],"performance":[200],"overhead":[201],"only":[203],"1.3%,":[204],"while":[205],"improving":[206],"established":[210],"mechanisms,":[212],"such":[213],"Clang":[215],"CFI,":[216],"by":[217],"up":[218],"99%":[220],"40%":[222],"on":[223],"average.":[224]},"counts_by_year":[{"year":2025,"cited_by_count":3}],"updated_date":"2026-03-12T08:34:05.389933","created_date":"2025-10-10T00:00:00"}