In theory, Control-Flow Integrity (CFI) is considered a principled solution against control-data attacks. However, most fine-grained CFI schemes that ensure such high security suffer from significant performance overhead. Existing practical implementations have been proposed to overcome this performance overhead problem, but they have proven unable to guarantee high security because development of these implementations has focused on only improving performance, at the expense of the security guarantee. Even though it is important for CFI schemes to provide both high security and low performance overhead, existing research on CFI is limited either by way of performance or security guarantee. We propose a new approach of verification method in fine-grained CFI to achieve these two goals. Our scheme performs selective and random verifications for certain branches rather than all branches, and thus, can reduce performance overhead. We show improved performance by evaluating our proof-of-concept implementation on SPEC CPU 2017. In addition, we also show that our scheme does not significantly sacrifice the security guarantee of fine-grained CFI by analyzing the structure of existing control-data attack exploits, which were collected from real-world exploits DB and related literature.

中文翻译：

---

随机 CFI (RCFI)：通过随机验证实现高效的细粒度控制流完整性

理论上，控制流完整性 (CFI) 被认为是针对控制数据攻击的原则性解决方案。然而，大多数确保如此高安全性的细粒度 CFI 方案都会遭受显着的性能开销。已经提出了现有的实际实现来克服这个性能开销问题，但它们已被证明无法保证高安全性，因为这些实现的开发只关注提高性能，而牺牲了安全保证。尽管 CFI 方案提供高安全性和低性能开销很重要，但现有的 CFI 研究在性能或安全保证方面受到限制。我们提出了一种新的细粒度 CFI 验证方法来实现这两个目标。我们的方案对某些分支而不是所有分支执行选择性和随机验证，因此可以降低性能开销。我们通过在 SPEC CPU 2017 上评估我们的概念验证实现来展示改进的性能。此外，我们还通过分析现有控制数据攻击漏洞的结构表明我们的方案没有显着牺牲细粒度 CFI 的安全保证，它们是从真实世界的漏洞利用数据库和相关文献中收集的。