Methods for enforcing control flow of a computer program
One aspect of the invention provides a method of controlling execution of a computer
program. The method comprises the following runtime steps: parsing code to identify one or …
program. The method comprises the following runtime steps: parsing code to identify one or …
WaVe: a verifiably secure WebAssembly sandboxing runtime
The promise of software sandboxing is flexible, fast and portable isolation; capturing the
benefits of hardwarebased memory protection without requiring operating system …
benefits of hardwarebased memory protection without requiring operating system …
Speccfi: Mitigating spectre attacks using cfi informed speculation
EM Koruyeh, SHA Shirazi… - … IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Spectre attacks and their many subsequent variants are a new vulnerability class affecting
modern CPUs. The attacks rely on the ability to misguide speculative execution, generally by …
modern CPUs. The attacks rely on the ability to misguide speculative execution, generally by …
Profile-guided automated software diversity
Code-reuse attacks are notoriously hard to defeat, and most current solutions to the problem
focus on automated software diversity. This is a promising area of research, as diversity …
focus on automated software diversity. This is a promising area of research, as diversity …
RockJIT: Securing just-in-time compilation using modular control-flow integrity
Managed languages such as JavaScript are popular. For performance, modern
implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to …
implementations of managed languages adopt Just-In-Time (JIT) compilation. The danger to …
RockSalt: better, faster, stronger SFI for the x86
Software-based fault isolation (SFI), as used in Google's Native Client (NaCl), relies upon a
conceptually simple machine-code analysis to enforce a security policy. But for complicated …
conceptually simple machine-code analysis to enforce a security policy. But for complicated …
[PDF][PDF] vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries.
Control-Flow Integrity (CFI) is an important security property that needs to be enforced to
prevent controlflow hijacking attacks. Recent attacks have demonstrated that existing CFI …
prevent controlflow hijacking attacks. Recent attacks have demonstrated that existing CFI …
Methods for enforcing control flow of a computer program
One aspect of the invention provides a method of controlling execution of a computer
program. The method comprises the following runtime steps: parsing code to identify one or …
program. The method comprises the following runtime steps: parsing code to identify one or …
{Provably-Safe} multilingual software sandboxing using {WebAssembly}
J Bosamiya, WS Lim, B Parno - 31st USENIX Security Symposium …, 2022 - usenix.org
Many applications, from the Web to smart contracts, need to safely execute untrusted code.
We observe that WebAssembly (Wasm) is ideally positioned to support such applications …
We observe that WebAssembly (Wasm) is ideally positioned to support such applications …
{EPK}: Scalable and Efficient Memory Protection Keys
As a hardware mechanism for facilitating intra-process memory isolation, Intel Memory
Protection Keys (MPK) has been leveraged to efficiently improve the isolation, security, or …
Protection Keys (MPK) has been leveraged to efficiently improve the isolation, security, or …