# Securing software by enforcing data-flow integrity
*by Microsoft in OSDI '06*
## Abstract
Software attacks often subvert the intended data-flow in a vulnerable program. This paper presents a simple technique that prevents these attacks by enforcing data-flow integrity.
## Previous Solution
Dynamic taint analysis: it has false positives, and it incurs a very high overhead without hardware support.
## Basic idea and implementation
Compute a data-flow graph for a vulnerable program using static analysis.
* how to compute: use reaching definitions analysis
Instrument the program to ensure that the flow of data at runtime is allowed by the data-flow graph.
* how to instrument: two instrumentation primitives
```c
SETDEF opnd id         /* after each write to opnd: record id, the definition identifier of the writing instruction */
CHECKDEF opnd setName  /* before each read of opnd: check that the recorded id is in setName, the set of reaching definitions */
```
This paper enforces data-flow integrity by introducing a runtime definition table (RDT). It aims to make sure that whenever a value is read, the definition identifier of the instruction that wrote the value is in the set of reaching definitions computed statically for that read.
RDT tampering is prevented by instrumenting writes to check that the target address is not within the memory region allocated to the RDT.
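The following is an added example, not code from the paper: a byte-granular simulation of the SETDEF / CHECKDEF instrumentation over a small program memory, with the RDT kept as a separate array. The layout (`name` at offset 0, `authenticated` at offset 16), the definition identifiers and all function names are assumptions made for this illustration. It shows how an unchecked copy into `name` that spills into `authenticated` is caught at the next read, because the RDT entry for `authenticated` no longer holds a definition in its reaching-definitions set.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not the paper's code). Simulated program data memory and
 * a runtime definition table (RDT) with one definition id per byte. */
#define MEM_SIZE 32
#define NAME_OFF 0        /* char name[16] lives at offsets 0..15 (assumed layout) */
#define NAME_LEN 16
#define AUTH_OFF 16       /* int authenticated lives at offsets 16..19 (assumed layout) */
#define AUTH_LEN 4

static uint8_t  mem[MEM_SIZE];   /* simulated program data memory */
static uint16_t rdt[MEM_SIZE];   /* runtime definition table */

/* Definition identifiers assigned (hypothetically) to the writes in the program. */
enum { DEF_AUTH_INIT = 1, DEF_AUTH_LOGIN = 2, DEF_NAME_COPY = 3 };

/* SETDEF: record which definition last wrote each byte of the operand. */
static void setdef(size_t off, size_t len, uint16_t id) {
    for (size_t i = 0; i < len; i++) rdt[off + i] = id;
}

/* CHECKDEF: every byte of the operand must have been written by a definition
 * in the statically computed reaching-definitions set. Returns 1 if allowed. */
static int checkdef(size_t off, size_t len, const uint16_t *set, size_t nset) {
    for (size_t i = 0; i < len; i++) {
        int ok = 0;
        for (size_t j = 0; j < nset; j++)
            if (rdt[off + i] == set[j]) { ok = 1; break; }
        if (!ok) return 0;
    }
    return 1;
}

/* Reaching definitions for reads of `authenticated`, as static analysis would compute them. */
static const uint16_t AUTH_DEFS[] = { DEF_AUTH_INIT, DEF_AUTH_LOGIN };

/* Instrumented write: authenticated = value; SETDEF follows the store. */
static void write_auth(int value, uint16_t id) {
    memcpy(mem + AUTH_OFF, &value, AUTH_LEN);
    setdef(AUTH_OFF, AUTH_LEN, id);
}

/* Instrumented copy of src into name with no bounds check against NAME_LEN:
 * each byte store is followed by SETDEF, so a spill past the buffer is recorded. */
static void copy_name(const char *src) {
    size_t n = strlen(src) + 1;
    for (size_t i = 0; i < n && NAME_OFF + i < MEM_SIZE; i++) {
        mem[NAME_OFF + i] = (uint8_t)src[i];
        setdef(NAME_OFF + i, 1, DEF_NAME_COPY);
    }
}

/* Instrumented read of authenticated: CHECKDEF before use.
 * Returns the stored value, or -1 on a data-flow integrity violation. */
static int read_auth(void) {
    if (!checkdef(AUTH_OFF, AUTH_LEN, AUTH_DEFS, 2)) return -1;
    int value;
    memcpy(&value, mem + AUTH_OFF, AUTH_LEN);
    return value;
}

/* Scenario: initialise authenticated, copy the (constructed) input, then read authenticated. */
int run_scenario(const char *input) {
    memset(mem, 0, sizeof mem);
    memset(rdt, 0, sizeof rdt);
    write_auth(0, DEF_AUTH_INIT);
    copy_name(input);
    return read_auth();
}

int main(void) {
    printf("short input   -> %d\n", run_scenario("alice"));                     /* 0: read allowed */
    printf("overlong input -> %d\n", run_scenario("AAAAAAAAAAAAAAAAAAAAAAAA")); /* -1: DFI violation */
    return 0;
}
```

The `NAME_OFF + i < MEM_SIZE` bound in `copy_name` only keeps the simulation inside its arrays; in the real scheme the instrumented write additionally checks that its target is outside the RDT region, which is what stops an attacker from rewriting the table itself.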
## Strengths
* introducing data-flow integrity
* no false positives
* relatively low overhead at that time (2006)
* some smart optimizations
* detailed evaluation
## Weaknesses
* false negatives
  * Reason 1: reaching definitions analysis must include in the set all definitions that may reach a use at runtime, but it may also include additional definitions that never reach it, and writes from those are not flagged
  * Reason 2: it fails to detect an attack that overflows a buffer in a structure to overwrite a security-critical field in the same structure, since the same definition legitimately writes both
* a lot of space to improve the coverage and performance of data-flow integrity enforcement