Díez Franco, IreneUgarte Pedrero, XabierGarcía Bringas, Pablo2025-03-052025-03-052024Díez-Franco, I., Ugarte-Pedrero, X., & García-Bringas, P. (2024). Optimized Data-Flow Integrity for Modern Compilers. IEEE Access, 12, 124171-124182. https://doi.org/10.1109/ACCESS.2024.345455110.1109/ACCESS.2024.3454551https://hdl.handle.net/20.500.14454/2452Non-control-data attacks are those attacks that purely target and modify the non-control data of a program, such as boolean values, user input or configuration parameters, and leave the control flow of a program untouched. These attacks were considered a niche due to the high difficulty in crafting attacks that do not modify the control flow. However, in recent years researchers have already demonstrated that non-control-data attacks can be automatically constructed and that they pose a significant threat because they can compromise critical and widely used software, such as web browsers and the Linux kernel. Moreover, they can also be used to disable or bypass state-of-the-art software security techniques, such as control-flow integrity. The most promising technique to protect against non-control-data attacks is data-flow integrity, however, modern compilers do not implement this protection yet. In this work we present an optimized data-flow integrity implementation for modern compilers that reduces the amount of basic blocks that need to be protected in an average of 45.8%, it also has broader security guarantees due to its more precise static analysis. Finally, we evaluate the completeness of our optimized data-flow integrity implementation.eng© 2024 The AuthorsCompilersData-flow integrityNon-control-data attacksProgram analysisSecurity vulnerabilitiesSystems securityjournal article2025-03-052169-3536