CFIghter: Automated Control-Flow Integrity Enablement and Evaluation for Legacy C/C++ Systems
- URL: http://arxiv.org/abs/2512.22701v1
- Date: Sat, 27 Dec 2025 20:38:08 GMT
- Authors: Sabine Houy, Bruno Kreyssig, Alexandre Bartel
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Compiler-based Control-Flow Integrity (CFI) offers strong forward-edge protection but remains challenging to deploy in large C/C++ software due to visibility mismatches, type inconsistencies, and unintended behavioral failures. We present CFIghter, the first fully automated system that enables strict, type-based CFI in real-world projects by detecting, classifying, and repairing unintended policy violations exposed by the test suite. CFIghter integrates whole-program analysis with guided runtime monitoring and iteratively applies the minimal necessary adjustments to CFI enforcement only where required, stopping once all tests pass or remaining failures are deemed unresolvable. We evaluate CFIghter on four GNU projects. It resolves all visibility-related build errors and automatically repairs 95.8% of unintended CFI violations in the large, multi-library util-linux codebase, while retaining strict enforcement at over 89% of indirect control-flow sites. Across all subjects, CFIghter preserves strict type-based CFI for the majority of the codebase without requiring manual source-code changes, relying only on automatically generated visibility adjustments and localized enforcement scopes where necessary. These results show that automated compatibility repair makes strict compiler CFI practically deployable in mature, modular C software.
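The kind of unintended violation the abstract refers to, and the two repair shapes it names (a source-level type fix versus a localized enforcement scope), as an added example that is not code from the CFIghter paper or its authors. The dispatch table, `handler_fn`, `CFI_EXEMPT` and the handlers are hypothetical; the build flags `-flto -fvisibility=hidden -fsanitize=cfi` and the `no_sanitize("cfi")` attribute are Clang's own. Built without CFI, every path returns 7; built with strict CFI, only `run_mismatched_checked()` fails, because the indirect call in `call_checked` reaches a function that was defined with a different type than the call site expects.

```c
/* Added illustration of a strict type-based CFI "unintended violation" and
 * two repairs. Not code from the CFIghter paper; handler_fn, CFI_EXEMPT, the
 * handlers and the tables are hypothetical. Build under strict CFI with
 *   clang -flto -fvisibility=hidden -fsanitize=cfi -fno-sanitize-trap=cfi
 * or with any C compiler without CFI; only run_mismatched_checked() differs. */
#include <stddef.h>
#include <string.h>

/* Signature every slot in the dispatch table is declared with. With
 * -fsanitize=cfi-icall, each indirect call through a handler_fn checks that
 * the target function was defined with exactly this type. */
typedef int (*handler_fn)(void *ctx, const char *arg);

struct counter { int calls; size_t bytes; };

/* Defined with the table's signature: matches at every call site. */
static int count_handler(void *ctx, const char *arg) {
    struct counter *c = ctx;
    c->calls++;
    c->bytes += strlen(arg);
    return 0;
}

/* Defined with a different signature (concrete context type, non-const arg).
 * The cast below compiles silently, but its CFI type ID is not handler_fn's. */
static int legacy_handler(struct counter *c, char *arg) {
    c->calls++;
    c->bytes += strlen(arg);
    return 1;
}

struct cmd { const char *name; handler_fn fn; };

/* Before: the legacy pattern that trips strict type-based CFI at runtime. */
static const struct cmd table_mismatched[] = {
    { "count",  count_handler },
    { "legacy", (handler_fn)legacy_handler },   /* type mismatch */
};

/* Repair 1 (source-level): an adapter defined with the exact table type.
 * The inner call is direct, so it is not subject to the icall check. */
static int legacy_adapter(void *ctx, const char *arg) {
    return legacy_handler(ctx, (char *)arg);
}

static const struct cmd table_repaired[] = {
    { "count",  count_handler },
    { "legacy", legacy_adapter },
};

/* Repair 2 (localized enforcement scope): exempt only the function that
 * contains the offending indirect call. Clang attribute; no-op elsewhere. */
#if defined(__clang__)
#define CFI_EXEMPT __attribute__((no_sanitize("cfi")))
#else
#define CFI_EXEMPT
#endif

static handler_fn lookup(const struct cmd *tab, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i].name, name) == 0)
            return tab[i].fn;
    return NULL;
}

/* Instrumented indirect call: with cfi-icall a mismatched target traps here
 * (or prints a diagnostic under -fno-sanitize-trap=cfi). */
static int call_checked(handler_fn fn, void *ctx, const char *arg) {
    return fn ? fn(ctx, arg) : -1;
}

/* Same call with the CFI check disabled for this one function only. */
CFI_EXEMPT
static int call_unchecked(handler_fn fn, void *ctx, const char *arg) {
    return fn ? fn(ctx, arg) : -1;
}

#define TABLE_LEN(t) (sizeof(t) / sizeof((t)[0]))

/* Drives both slots with constructed input; returns bytes counted
 * ("hello" + "hi" = 7) once both handlers have run. */
static size_t drive(const struct cmd *tab, size_t n,
                    int (*call)(handler_fn, void *, const char *)) {
    struct counter c = { 0, 0 };
    call(lookup(tab, n, "count"),  &c, "hello");
    call(lookup(tab, n, "legacy"), &c, "hi");
    return c.calls == 2 ? c.bytes : 0;
}

/* Strict CFI: fails on the "legacy" call. Without CFI: returns 7. */
size_t run_mismatched_checked(void) {
    return drive(table_mismatched, TABLE_LEN(table_mismatched), call_checked);
}

/* Strict CFI and without: 7. The call site stays fully enforced. */
size_t run_repaired(void) {
    return drive(table_repaired, TABLE_LEN(table_repaired), call_checked);
}

/* Strict CFI and without: 7. Enforcement is dropped only inside call_unchecked. */
size_t run_mismatched_exempt(void) {
    return drive(table_mismatched, TABLE_LEN(table_mismatched), call_unchecked);
}
```

The adapter keeps the indirect call site enforced; the exemption gives up the check at that one site, which is the trade-off behind the abstract's count of sites that retain strict enforcement. `-fno-sanitize-trap=cfi` turns the silent trap into a diagnostic that names the call site, which is the kind of signal a test-suite-driven repair loop has to collect.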
Related papers
- RealSec-bench: A Benchmark for Evaluating Secure Code Generation in Real-World Repositories (arXiv, 2026-01-30)
  Large Language Models (LLMs) have demonstrated remarkable capabilities in code generation, but their proficiency in producing secure code remains a critical, under-explored area. We introduce RealSec-bench, a new benchmark for secure code generation meticulously constructed from real-world, high-risk Java repositories.
- Plug-and-Play Benchmarking of Reinforcement Learning Algorithms for Large-Scale Flow Control (arXiv, 2026-01-21)
  Reinforcement learning (RL) has shown promising results in active flow control (AFC). Current AFC benchmarks rely on external computational fluid dynamics (CFD) solvers, are not fully differentiable, and provide limited 3D and multi-agent support. We introduce FluidGym, the first standalone, fully differentiable benchmark suite for RL in AFC.
- BASICS: Binary Analysis and Stack Integrity Checker System for Buffer Overflow Mitigation (arXiv, 2025-11-24)
  Cyber-Physical Systems play an essential role in our daily lives, providing critical services such as power and water. Traditional vulnerability discovery techniques struggle with scalability and precision when applied directly to the binary code of C programs. This work introduces a novel approach designed to overcome these limitations by leveraging model checking and concolic execution techniques.
- What Do They Fix? LLM-Aided Categorization of Security Patches for Critical Memory Bugs (arXiv, 2025-09-26)
  We developLM, a dual-method pipeline that integrates two approaches based on a Large Language Model (LLM) and a fine-tuned small language model. It successfully identified 111 of 5,140 recent Linux kernel patches addressing OOB or UAF vulnerabilities, with 90 true positives confirmed by manual verification.
- A Practical Guideline and Taxonomy to LLVM's Control Flow Integrity (arXiv, 2025-08-21)
  Control Flow Integrity (CFI) has gained traction to mitigate this exploitation path. We establish a taxonomy mapping LLVM's forward-edge CFI variants to memory corruption vulnerability classes.
- Training Language Models to Generate Quality Code with Program Analysis Feedback (arXiv, 2025-05-28)
  Code generation with large language models (LLMs) is increasingly adopted in production but fails to ensure code quality. We propose REAL, a reinforcement learning framework that incentivizes LLMs to generate production-quality code.
- SOPBench: Evaluating Language Agents at Following Standard Operating Procedures and Constraints (arXiv, 2025-03-11)
  SOPBench is an evaluation pipeline that transforms each service-specific SOP code program into a directed graph of executable functions and requires agents to call these functions based on natural language SOP descriptions. We evaluate 18 leading models, and results show the task is challenging even for top-tier models.
- EILID: Execution Integrity for Low-end IoT Devices (arXiv, 2025-01-16)
  EILID is a hybrid architecture that ensures software execution integrity on low-end devices. It is built atop CASU, a prevention-based (i.e., active) hybrid Root-of-Trust (RoT) that guarantees software immutability.
- SpecCFA: Enhancing Control Flow Attestation/Auditing via Application-Aware Sub-Path Speculation (arXiv, 2024-09-27)
  We propose SpecCFA: an approach for dynamic sub-path speculation in CFA. SpecCFA significantly lowers storage/performance costs that are critical to resource-constrained MCUs.
- One for All and All for One: GNN-based Control-Flow Attestation for Embedded Devices (arXiv, 2024-03-12)
  Control-Flow Attestation (CFA) is a security service that allows an entity (verifier) to verify the integrity of code execution on a remote computer system. Existing CFA schemes suffer from impractical assumptions, such as requiring access to the prover's internal state. We introduce RAGE, a novel, lightweight CFA approach with minimal requirements.
- A New Era in Software Security: Towards Self-Healing Software via Large Language Models and Formal Verification (arXiv, 2023-05-24)
  This paper introduces an innovative approach that combines Large Language Models (LLMs) with Formal Verification strategies for automatic software vulnerability repair. We present the ESBMC-AI framework as a proof of concept, leveraging the well-recognized and industry-adopted Efficient SMT-based Context-Bounded Model Checker (ESBMC) and a pre-trained transformer model. Our results demonstrate ESBMC-AI's capability to automate the detection and repair of issues such as buffer overflow, arithmetic overflow, and pointer dereference failures with high accuracy.
- Pointwise Feasibility of Gaussian Process-based Safety-Critical Control under Model Uncertainty (arXiv, 2021-06-13)
  Control Barrier Functions (CBFs) and Control Lyapunov Functions (CLFs) are popular tools for enforcing safety and stability of a controlled system, respectively. We present a Gaussian Process (GP)-based approach to tackle the problem of model uncertainty in safety-critical controllers that use CBFs and CLFs.
This list is automatically generated from the titles and abstracts of the papers in this site.