a13xp0p0v / linux-kernel-defence-map

Linux Kernel Defence Map shows the relationships between vulnerability classes, exploitation techniques, bug detection mechanisms, and defence technologies
GNU General Public License v3.0

Improve the Control Flow Integrity part of the Map #5

Closed by a13xp0p0v 2 years ago

a13xp0p0v commented 2 years ago

The Map should have separate nodes for Forward-edge CFI and Backward-edge CFI.

a13xp0p0v commented 2 years ago

Introduced the Control Flow Integrity cluster

Changes:

  1. Add cluster_cfi with Forward-edge CFI and Backward-edge CFI
  2. Rename "CFI_CLANG" to "ARM: CFI_CLANG"
  3. Move SHADOW_CALL_STACK to child nodes of cluster_cfi
  4. Separate ARM64_PTR_AUTH and ARM64_BTI_KERNEL
  5. Describe new connections