Joe Bialek

The Evolution of CFI Attacks and Defenses

Abstract

Control Flow Integrity (CFI) is a popular topic in the world of exploit mitigations these days. As Microsoft was the first company to ship a platform-wide, enabled-by-default CFI solution, we’ve learned a lot of hard but valuable lessons. This talk takes a walk down memory lane, starting several years ago when Control Flow Guard first shipped and ending at the present day. Along this journey through time, I’ll talk about things that Microsoft discovered internally, through our mitigation bounty, and through exploits in the wild, and how these findings have changed our threat model and the way we think about CFI technology. We’ll also touch on open problems in the CFI space and how we see CFI fitting into the bigger picture of mitigating memory corruption exploits moving forward.

BIO

Joe is a security engineer in the Microsoft Security Response Center's Vulnerability & Mitigations team. Joe spends his time finding and exploiting vulnerabilities in Microsoft products as well as evaluating real-world exploitation advancements and using this information to drive improvements in Microsoft's products.