
Control-Flow Integrity

Concept WIKI v1 · 6/5/2026

Control-flow integrity (CFI) is a security policy that enforces the legitimacy of transitions between instruction sequences. The source paper contrasts CFI with data-flow integrity (DFI): CFI checks whether control transfers, such as branches, go only to statically determined legal targets, while DFI is described as capable of detecting both control-data and non-control-data attacks.

Control-Flow Integrity

Control-flow integrity (CFI) is a security policy that the source describes as distinct from data-flow integrity (DFI). Its purpose is to enforce the legitimacy of transitions between instruction sequences.

A representative rule given in the source is that each branch instruction in a program should jump only to one of the legal targets generated by static analysis. This makes CFI a policy focused on constraining runtime control transfers to precomputed valid destinations.

Implementation approaches

The source states that CFI was first proposed with a software implementation. It also notes that later hardware-assisted approaches were introduced to reduce performance overhead.

Examples mentioned in the source include:

  • Intel CET (Control-flow Enforcement Technology), described as a coarse-grained CFI implementation when compared with Griffin.
  • Griffin, which uses Intel Processor Tracing to generate control-flow traces for software-based CFI verification.
  • A design by Lee et al., which uses ARM Program Trace Macrocell to generate control-flow traces and sends them to an FPGA through the ARM Trace Port Interface Unit for CFI verification.

Security coverage according to the source

In the comparison presented by the source, CFI can detect control-data attacks but not non-control-data attacks. The same source contrasts this with DFI, which it says can identify both types of attacks.
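
The following C sketch is an added illustration, not code from the RVDFI paper or from any CFI implementation named above. It models the legal-target rule as a hand-written allowlist standing in for static-analysis output (an assumption) and shows the coverage gap: a redirected function pointer is rejected, while an altered `is_admin` flag passes the check. All function and variable names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

typedef int (*handler_t)(int);

enum { ACCESS_DENIED = -1, CFI_VIOLATION = -2 };

static int is_admin = 0; /* non-control data: steers a decision, never a jump target */

static int show_public(int id)  { return id; }
static int show_private(int id) { return is_admin ? id * 100 : ACCESS_DENIED; }
static int debug_dump(int id)   { return id * 1000; } /* not reachable from the call site */

/* Legal targets of the one indirect call site. Hand-written here (assumption);
 * a real CFI scheme derives this set from static analysis. */
static const handler_t legal_targets[] = { show_public, show_private };

static int cfi_target_ok(handler_t t) {
    for (size_t i = 0; i < sizeof legal_targets / sizeof legal_targets[0]; i++)
        if (legal_targets[i] == t)
            return 1;
    return 0;
}

/* Instrumented indirect call: check the destination before transferring control. */
static int checked_call(handler_t t, int id) {
    if (!cfi_target_ok(t))
        return CFI_VIOLATION;
    return t(id);
}

/* Models program state at the call site: h is the control data, admin the
 * non-control data. Corruption is simulated by passing altered values. */
int dispatch(handler_t h, int admin, int id) {
    is_admin = admin;
    return checked_call(h, id);
}

int main(void) {
    printf("intact state:            %d\n", dispatch(show_private, 0, 7));
    printf("corrupted pointer:       %d\n", dispatch(debug_dump, 0, 7));
    printf("corrupted is_admin flag: %d\n", dispatch(show_private, 1, 7));
    return 0;
}
```

In the third case the call still goes to a legal target, so the CFI check has nothing to object to; this is the non-control-data case that the source says DFI can identify.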

Mention in related work

The material on this page comes from the paper RVDFI: A RISC-V Architecture with Security, where CFI is discussed as a related security policy and compared against DFI in the context of architectural security mechanisms.
