Principles of Data Flow Integrity: Specification and Enforcement
TOKTAM RAMEZANIFARKHANI AND MOHAMMADREZA RAZZAZI
Department of Computer Engineering and IT
Amirkabir University of Technology
424 Hafez Ave, 15875-4413, Tehran, Iran
E-mail: {t_ramezani; razzazi}@aut.ac.ir
Subverting runtime data flow is common in many current software attacks. Data Flow Integrity (DFI) is a policy whose satisfaction can prevent such attacks. This paper develops a formal foundation for DFI specification and for the characteristics of its enforcement techniques, with formulations of their hypotheses and guarantees. The enforcement techniques are based on static analysis and on program monitoring at runtime. This foundation can be used for the practical satisfaction of DFI and can help establish guarantees on every platform to which it is applied.
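An added example, not taken from the paper, of the enforcement style the abstract names: static analysis gives each read the set of definitions allowed to reach it, and a runtime monitor checks the last writer of the location against that set. The memory layout, definition ids and function names are assumptions made for illustration, and memory is simulated as an array so the deliberate out-of-bounds copy stays well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 16                 /* simulated data memory (assumed layout) */
enum { BUF = 0, BUF_LEN = 8, IS_ADMIN = 8 };   /* buf[8] sits just below is_admin */
enum { DEF_INIT = 1, DEF_COPY = 2 };           /* ids of the two writing instructions */

static uint8_t mem[MEM_SIZE];       /* program data */
static uint8_t rdt[MEM_SIZE];       /* runtime table: id of the last writer of each cell */

/* Instrumented write: store the value and record which definition produced it. */
static void dfi_write(int addr, uint8_t val, uint8_t def_id) {
    mem[addr] = val;
    rdt[addr] = def_id;
}

/* Instrumented read: succeeds only if the last writer is in the static set. */
static int dfi_read(int addr, const uint8_t *allowed, int n, uint8_t *out) {
    for (int i = 0; i < n; i++)
        if (rdt[addr] == allowed[i]) { *out = mem[addr]; return 0; }
    return -1;                      /* flow absent from the static data-flow graph */
}

/* Handles one request; returns 0 with *flag set, or -1 on a DFI violation. */
int run_request(const uint8_t *input, int len, uint8_t *flag) {
    static const uint8_t admin_defs[] = { DEF_INIT };  /* static analysis result */
    memset(mem, 0, sizeof mem);
    memset(rdt, 0, sizeof rdt);
    dfi_write(IS_ADMIN, 0, DEF_INIT);
    /* Deliberate bug: the copy is bounded by MEM_SIZE, not BUF_LEN. */
    for (int i = 0; i < len && i < MEM_SIZE; i++)
        dfi_write(BUF + i, input[i], DEF_COPY);
    return dfi_read(IS_ADMIN, admin_defs, 1, flag);
}

int main(void) {
    uint8_t in[9] = {1, 1, 1, 1, 1, 1, 1, 1, 1};  /* constructed input */
    uint8_t flag = 0;
    printf("4 bytes: %d\n", run_request(in, 4, &flag));   /* read allowed */
    printf("9 bytes: %d\n", run_request(in, 9, &flag));   /* violation reported */
    return 0;
}
```

The monitor rejects the read because the flag's last writer is the copy loop, which the static set for that read does not contain; it never inspects the value itself.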