A Practical Guideline and Taxonomy to LLVM's Control Flow Integrity

• URL: http://arxiv.org/abs/2508.15386v1
• Date: Thu, 21 Aug 2025 09:23:24 GMT
• Title: A Practical Guideline and Taxonomy to LLVM's Control Flow Integrity
• Authors: Sabine Houy, Bruno Kreyssig, Timothee Riom, Alexandre Bartel, Patrick McDaniel,
• Abstract summary: Control Flow Integrity (CFI) has gained traction to mitigate this exploitation path.<n>We establish a taxonomy mapping LLVM's forward-edge CFI variants to memory corruption vulnerability classes.
• Score: 40.46280139210502
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Memory corruption vulnerabilities remain one of the most severe threats to software security. They often allow attackers to achieve arbitrary code execution by redirecting a vulnerable program's control flow. While Control Flow Integrity (CFI) has gained traction to mitigate this exploitation path, developers are not provided with any direction on how to apply CFI to real-world software. In this work, we establish a taxonomy mapping LLVM's forward-edge CFI variants to memory corruption vulnerability classes, offering actionable guidance for developers seeking to deploy CFI incrementally in existing codebases. Based on the Top 10 Known Exploited Vulnerabilities (KEV) list, we identify four high-impact vulnerability categories and select one representative CVE for each. We evaluate LLVM's CFI against each CVE and explain why CFI blocks exploitation in two cases while failing in the other two, illustrating its potential and current limitations. Our findings support informed deployment decisions and provide a foundation for improving the practical use of CFI in production systems.

Related papers

• Secure Code Generation via Online Reinforcement Learning with Vulnerability Reward Model [60.60587869092729]
  Large language models (LLMs) are increasingly used in software development, yet their tendency to generate insecure code remains a major barrier to real-world deployment.<n>We propose SecCoderX, an online reinforcement learning framework for functionality-preserving secure code generation.
  arXiv  Detail & Related papers  (2026-02-07T07:42:07Z)
• Why Does the LLM Stop Computing: An Empirical Study of User-Reported Failures in Open-Source LLMs [50.075587392477935]
  We conduct the first large-scale empirical study of 705 real-world failures from the open-source DeepSeek, Llama, and Qwen ecosystems.<n>Our analysis reveals a paradigm shift: white-box orchestration relocates the reliability bottleneck from model algorithmic defects to the systemic fragility of the deployment stack.
  arXiv  Detail & Related papers  (2026-01-20T06:42:56Z)
• CFIghter: Automated Control-Flow Integrity Enablement and Evaluation for Legacy C/C++ Systems [42.67508633071825]
  Control-Flow Integrity (CFI) offers strong forward-edge protection but remains challenging to deploy in large C/C++ software.<n>We present CFIghter, the first fully automated system that enables strict, type-based CFI in real-world projects.
  arXiv  Detail & Related papers  (2025-12-27T20:38:08Z)
• BASICS: Binary Analysis and Stack Integrity Checker System for Buffer Overflow Mitigation [0.0]
  Cyber-Physical Systems have played an essential role in our daily lives, providing critical services such as power and water.<n>Traditional vulnerability discovery techniques struggle with scalability and precision when applied directly to the binary code of C programs.<n>This work introduces a novel approach designed to overcome these limitations by leveraging model checking and concolic execution techniques.
  arXiv  Detail & Related papers  (2025-11-24T20:11:41Z)
• Code Agent can be an End-to-end System Hacker: Benchmarking Real-world Threats of Computer-use Agent [64.08182031659047]
  We propose AdvCUA, the first benchmark aligned with real-world TTPs in MITRE ATT&CK Enterprise Matrix.<n>We evaluate the existing five mainstream CUAs, including ReAct, AutoGPT, Gemini CLI, and Cursor CLI.<n>Results demonstrate that current frontier CUAs do not adequately cover OS security-centric threats.
  arXiv  Detail & Related papers  (2025-10-08T03:35:23Z)
• Automated Vulnerability Validation and Verification: A Large Language Model Approach [7.482522010482827]
  This paper introduces an end-to-end multi-step pipeline leveraging generative AI, specifically large language models (LLMs)<n>Our approach extracts information from CVE disclosures in the National Vulnerability Database.<n>It augments it with external public knowledge (e.g., threat advisories, code snippets) using Retrieval-Augmented Generation (RAG)<n>The pipeline iteratively refines generated artifacts, validates attack success with test cases, and supports complex multi-container setups.
  arXiv  Detail & Related papers  (2025-09-28T19:16:12Z)
• What Do They Fix? LLM-Aided Categorization of Security Patches for Critical Memory Bugs [46.325755802511026]
  We developLM, a dual-method pipeline that integrates two approaches based on a Large Language Model (LLM) and a fine-tuned small language model.<n>LM successfully identified 111 of 5,140 recent Linux kernel patches addressing OOB or UAF vulnerabilities, with 90 true positives confirmed by manual verification.
  arXiv  Detail & Related papers  (2025-09-26T18:06:36Z)
• CyberGym: Evaluating AI Agents' Cybersecurity Capabilities with Real-World Vulnerabilities at Scale [46.76144797837242]
  Large language model (LLM) agents are becoming increasingly skilled at handling cybersecurity tasks autonomously.<n>Existing benchmarks fall short, often failing to capture real-world scenarios or being limited in scope.<n>We introduce CyberGym, a large-scale and high-quality cybersecurity evaluation framework featuring 1,507 real-world vulnerabilities.
  arXiv  Detail & Related papers  (2025-06-03T07:35:14Z)
• BadVLA: Towards Backdoor Attacks on Vision-Language-Action Models via Objective-Decoupled Optimization [45.97834622654751]
  BadVLA is a backdoor attack method based on Objective-Decoupled Optimization.<n>We show that BadVLA consistently achieves near-100% attack success rates with minimal impact on clean task accuracy.<n>Our work offers the first systematic investigation of backdoor vulnerabilities in VLA models.
  arXiv  Detail & Related papers  (2025-05-22T13:12:46Z)
• GNN-Based Code Annotation Logic for Establishing Security Boundaries in C Code [41.10157750103835]
  Securing sensitive operations in today's interconnected software landscape is crucial yet challenging. Modern platforms rely on Trusted Execution Environments (TEEs) to isolate security sensitive code from the main system. Code Logic (CAL) is a pioneering tool that automatically identifies security sensitive components for TEE isolation.
  arXiv  Detail & Related papers  (2024-11-18T13:40:03Z)
• SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation [6.210224116507288]
  We propose SpecCFA: an approach for dynamic sub-path speculation in CFA. SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.
  arXiv  Detail & Related papers  (2024-09-27T02:39:55Z)
• Assessing the Effectiveness of Binary-Level CFI Techniques [0.0]
  Flow Control Integrity (CFI) provides protection against control flow hijacking attacks. binary-level type recovery is inherently speculative, which motivates the need for an evaluation framework.
  arXiv  Detail & Related papers  (2024-01-13T19:38:15Z)
• SliceLocator: Locating Vulnerable Statements with Graph-based Detectors [33.395068754566935]
  SliceLocator identifies the most relevant taint flow by selecting the highest-weighted flow path from all potential vulnerability-triggering statements.<n>We demonstrate that SliceLocator consistently performs well on four state-of-the-art GNN-based vulnerability detectors.
  arXiv  Detail & Related papers  (2024-01-05T10:15:04Z)
• TitanCFI: Toward Enforcing Control-Flow Integrity in the Root-of-Trust [4.444373990868152]
  TitanCFI modifies the commit stage of a protected core to stream control flow instructions to the RoT. It avoids the design of custom IPs and the modification of the compilation toolchain. It exploits the RoT tamper-proof storage and cryptographic accelerators to secure metadata.
  arXiv  Detail & Related papers  (2024-01-04T22:58:33Z)
• Multi-context Attention Fusion Neural Network for Software Vulnerability Identification [4.05739885420409]
  We propose a deep learning model that learns to detect some of the common categories of security vulnerabilities in source code efficiently. The model builds an accurate understanding of code semantics with a lot less learnable parameters. The proposed AI achieves 98.40% F1-score on specific CWEs from the benchmarked NIST SARD dataset.
  arXiv  Detail & Related papers  (2021-04-19T11:50:36Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.