Runtime attacks that exploit software vulnerabilities are still an important concern nowadays. Even smartphone operating systems such as Apple's iOS are affected by such attacks since the system is implemented in Objective-C, a program- ming language that enables attacks such as buffer overflows. As a generic protection technique against a whole class of attacks, control-flow integrity (CFI) offers some interesting properties. Recent work demonstrated that CFI can be implemented on iOS by patching the binary during the loading process and adding an instrumentation layer that enforces CFI. However, this approach is of little practical value since it requires a jailbroken device, which hinders wide employment. Furthermore, binary patching has a certain performance impact.
In this paper, we show how CFI can be implemented directly within a compiler, making the approach widely deployable on all kinds of iOS devices. We extend the LLVM compiler and add our CFI enforcement approach during the compilation phase of a given app. An empirical evaluation shows that the size and performance overhead is reasonable.