
Control-flow integrity principles, implementations, and applications

Published: 06 November 2009

Abstract

Current software attacks often build on exploits that subvert machine-code execution. The enforcement of a basic safety property, control-flow integrity (CFI), can prevent such attacks from arbitrarily controlling program behavior. CFI enforcement is simple and its guarantees can be established formally, even with respect to powerful adversaries. Moreover, CFI enforcement is practical: It is compatible with existing software and can be done efficiently using software rewriting in commodity systems. Finally, CFI provides a useful foundation for enforcing further security policies, as we demonstrate with efficient software implementations of a protected shadow call stack and of access control for memory regions.

Supplementary Material

Abadi Appendix (a4-abadi-apndx.pdf)
Online appendix to "Control-flow integrity principles, implementations, and applications". The appendix supports the information in article 4.



Published In

ACM Transactions on Information and System Security, Volume 13, Issue 1
October 2009
289 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1609956

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 November 2009
Accepted: 01 June 2007
Revised: 01 February 2007
Received: 01 January 2006
Published in TISSEC Volume 13, Issue 1


Author Tags

  1. Binary rewriting
  2. control-flow graph
  3. inlined reference monitors
  4. vulnerabilities

Qualifiers

  • Research-article
  • Research
  • Refereed

Article Metrics

  • Downloads (last 12 months): 594
  • Downloads (last 6 weeks): 64
Reflects downloads up to 21 Sep 2024.

Cited By

  • (2024) CFIEE: An Open-Source Critical Metadata Extraction Tool for RISC-V Hardware-Based CFI Schemes. Electronics 13:9 (1681). DOI 10.3390/electronics13091681. Online publication date: 26-Apr-2024.
  • (2024) TitanCFI: Toward Enforcing Control-Flow Integrity in the Root-of-Trust. 2024 Design, Automation & Test in Europe Conference & Exhibition (DATE), 1-6. DOI 10.23919/DATE58400.2024.10546873. Online publication date: 25-Mar-2024.
  • (2024) Hardware-Assisted Control-Flow Integrity Enhancement for IoT Devices. 2024 Design, Automation & Test in Europe Conference & Exhibition (DATE), 1-6. DOI 10.23919/DATE58400.2024.10546789. Online publication date: 25-Mar-2024.
  • (2024) Orbital Shield: Rethinking Satellite Security in the Commercial Off-the-Shelf Era. 2024 Security for Space Systems (3S), 1-11. DOI 10.23919/3S60530.2024.10592292. Online publication date: 27-May-2024.
  • (2024) Chaos: Function Granularity Runtime Address Layout Space Randomization for Kernel Module. Proceedings of the 15th ACM SIGOPS Asia-Pacific Workshop on Systems, 23-30. DOI 10.1145/3678015.3680476. Online publication date: 4-Sep-2024.
  • (2024) FLAShadow: A Flash-based Shadow Stack for Low-end Embedded Systems. ACM Transactions on Internet of Things 5:3 (1-29). DOI 10.1145/3670413. Online publication date: 10-Jul-2024.
  • (2024) EPIC: Efficient and Proactive Instruction-level Cyberdefense. Proceedings of the Great Lakes Symposium on VLSI 2024, 409-414. DOI 10.1145/3649476.3658749. Online publication date: 12-Jun-2024.
  • (2024) TrustGuard: Standalone FPGA-Based Security Monitoring Through Power Side-Channel. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 32:2 (319-332). DOI 10.1109/TVLSI.2023.3335876. Online publication date: 1-Feb-2024.
  • (2024) SiPGuard: Run-Time System-in-Package Security Monitoring via Power Noise Variation. IEEE Transactions on Very Large Scale Integration (VLSI) Systems 32:2 (305-318). DOI 10.1109/TVLSI.2023.3322384. Online publication date: 1-Feb-2024.
  • (2024) AutoPwn: Artifact-Assisted Heap Exploit Generation for CTF PWN Competitions. IEEE Transactions on Information Forensics and Security 19 (293-306). DOI 10.1109/TIFS.2023.3322319. Online publication date: 1-Jan-2024.
