Existence of CFH evasion attacks compliant with static control-flow graphs in multi-agent systems

Determine whether control-flow hijacking attacks against multi-agent systems exist that can compromise security while adhering to statically generated control-flow graphs produced during planning, analogous to evasion attacks that compromise conventional programs while complying with statically computed control-flow integrity constraints.

Background

The paper proposes a defense for multi-agent systems that generates a control-flow graph (CFG) and edge-specific contextual rules during planning, then enforces them at runtime. This approach is inspired by control-flow integrity (CFI) in programming languages, where known evasion attacks can compromise programs while remaining compliant with statically computed CFGs.

In the Limitations subsection, the authors note that, as in traditional CFI, generated graphs may be over-approximations and thus potentially permit executions that should not happen. They explicitly raise the question of whether analogous evasion strategies exist for multi-agent systems that follow permitted control flows yet still achieve a compromise.
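The over-approximation concern can be made concrete with a toy monitor. The following is an added example, not code from the paper or its authors: the agent names, the graph, the planned path and the shape of the rules (predicates over a hand-off context) are all constructed assumptions. It shows a trace that passes every edge and rule check without following the planned path, and an audit helper that lists such permitted-but-unplanned paths so the graph can be tightened.

```python
from typing import Callable, Dict, List, Tuple

Edge = Tuple[str, str]
Hop = Tuple[str, str, dict]  # (source agent, target agent, hand-off context)

# Constructed planning output: permitted edge -> contextual rule (hypothetical shape).
CFG: Dict[Edge, Callable[[dict], bool]] = {
    ("orchestrator", "file_reader"): lambda c: c.get("task") == "summarize",
    ("file_reader", "summarizer"): lambda c: c.get("source") == "workspace",
    # Over-approximated edge: the plan below never needs it, the graph allows it.
    ("file_reader", "code_runner"): lambda c: c.get("source") == "workspace",
    ("code_runner", "summarizer"): lambda c: True,
    ("summarizer", "orchestrator"): lambda c: True,
}
PLANNED_PATH = ["orchestrator", "file_reader", "summarizer", "orchestrator"]

def check_trace(trace: List[Hop]) -> Tuple[bool, str]:
    """Runtime enforcement: every hop must be a CFG edge whose rule accepts the context."""
    for src, dst, ctx in trace:
        rule = CFG.get((src, dst))
        if rule is None:
            return False, f"edge {src}->{dst} not in CFG"
        if not rule(ctx):
            return False, f"rule rejected {src}->{dst}"
    return True, "compliant"

def follows_plan(trace: List[Hop]) -> bool:
    """True only if the trace visits exactly the agents of the planned path, in order."""
    return bool(trace) and [trace[0][0]] + [dst for _, dst, _ in trace] == PLANNED_PATH

def slack_paths(start: str = "orchestrator") -> List[List[str]]:
    """Audit: loops start->...->start that the graph permits but the plan does not use."""
    found, stack = [], [[start]]
    while stack:
        path = stack.pop()
        for src, dst in CFG:
            if src != path[-1]:
                continue
            if dst == start:
                found.append(path + [dst])
            elif dst not in path:
                stack.append(path + [dst])
    return [p for p in found if p != PLANNED_PATH]

# Constructed traces: one on-plan, one edge-compliant but off-plan, one off-graph.
ON_PLAN = [("orchestrator", "file_reader", {"task": "summarize"}),
           ("file_reader", "summarizer", {"source": "workspace"}),
           ("summarizer", "orchestrator", {})]
OFF_PLAN = ON_PLAN[:1] + [("file_reader", "code_runner", {"source": "workspace"}),
                          ("code_runner", "summarizer", {}), ("summarizer", "orchestrator", {})]
OFF_GRAPH = ON_PLAN[:1] + [("file_reader", "mailer", {})]
```

A non-empty result from `slack_paths()` marks edges to remove or to guard with stricter rules before the graph is relied on for enforcement.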

References

It is an open question whether similar CFH attacks are possible in multi-agent systems.

Breaking and Fixing Defenses Against Control-Flow Hijacking in Multi-Agent Systems (2510.17276 - Jha et al., 20 Oct 2025) in Section 4 (Enforcing contextual flow), Limitations