University of Calgary
Runtime and control-flow attacks (such as code injection or return-oriented programming) constitute one of the most severe threats to software programs. These attacks are prevalent and have been recently applied to Smartphone applications as well, of which hundreds of thousands are downloaded by users every day. While a framework for Control-Flow Integrity (CFI) enforcement, an approach to prohibit this kind of attacks, exists for the Intel x86 platform, there is no such a solution for Smartphones. In this paper, the authors present a novel framework, MoCFI (Mobile CFI), that provides a general countermeasure against control-flow attacks on Smartphone platforms by enforcing CFI.