Memory corruption is an important class of vulnerability that can be leveraged to craft control-flow hijacking attacks. Control Flow Integrity (CFI) provides protection against such attacks. Applying type-based CFI policies requires information about the number and types of function arguments. Binary-level type recovery is inherently speculative, which motivates the need for an evaluation framework to assess the effectiveness of binary-level CFI techniques compared with their source-level counterparts, where such type information is fully and accurately accessible. In this work, we develop a novel, generalized and extensible framework to assess how the program analysis information obtained from state-of-the-art binary analysis tools affects the efficacy of type-based CFI techniques. We introduce new and insightful metrics to quantitatively compare source-independent CFI policies with their ground-truth, source-aware counterparts. We leverage our framework to evaluate binary-level CFI policies implemented using program analysis information extracted from the IDA Pro binary analyzer, compare them against the ground-truth information obtained from the LLVM compiler, and present our observations.
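As an added example (not code from the paper or its framework), the following Python sketches a type-based CFI policy that keys the allowed targets of an indirect call on argument count and types, then contrasts the target set derived from ground-truth signatures with one derived from speculatively recovered signatures. All function names, signatures and the two metrics (legitimate targets wrongly blocked, extra targets wrongly permitted) are constructed for illustration.

```python
# Added example: minimal type-based CFI policy over constructed signatures.
from collections import defaultdict

# Signature = (argument count, argument types). All entries are constructed.
GROUND_TRUTH = {            # what a compiler with full type info would report
    "handle_get":  (2, ("ptr", "int")),
    "handle_post": (2, ("ptr", "int")),
    "log_msg":     (1, ("ptr",)),
    "cleanup":     (0, ()),
    "sum_pair":    (2, ("int", "int")),
}
RECOVERED = {               # what a binary analyzer might speculatively recover
    "handle_get":  (2, ("ptr", "int")),
    "handle_post": (2, ("int", "int")),   # pointer argument mis-typed as int
    "log_msg":     (2, ("ptr", "int")),   # spurious second argument inferred
    "cleanup":     (0, ()),
    "sum_pair":    (2, ("int", "int")),
}
# Indirect call sites and the signature each one invokes. To isolate callee-side
# recovery errors, the call-site signature is assumed correct in both policies.
CALL_SITES = {
    "dispatch": (2, ("ptr", "int")),      # legitimately calls handle_get/handle_post
    "on_exit":  (0, ()),                  # legitimately calls cleanup
}

def target_sets(sigs):
    """Group functions into equivalence classes keyed by their signature."""
    classes = defaultdict(set)
    for fn, sig in sigs.items():
        classes[sig].add(fn)
    return classes

def allowed_targets(site_sig, sigs):
    """Targets a type-based CFI policy permits for a call site of this signature."""
    return target_sets(sigs).get(site_sig, set())

def compare_policy(site):
    """Return (blocked, extra): legitimate targets the binary-level policy would
    wrongly reject, and targets it admits that the source-level policy excludes."""
    site_sig = CALL_SITES[site]
    truth = allowed_targets(site_sig, GROUND_TRUTH)
    recov = allowed_targets(site_sig, RECOVERED)
    return truth - recov, recov - truth

if __name__ == "__main__":
    for site in CALL_SITES:
        blocked, extra = compare_policy(site)
        print(f"{site}: wrongly blocked={sorted(blocked)} over-permitted={sorted(extra)}")
```

A mis-typed argument on `handle_post` would make the binary-level policy reject a legitimate transfer (a crash or false positive), while the spurious argument on `log_msg` widens the target set beyond what ground truth allows.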