Control-flow integrity: Precision, security, and performance
Memory corruption errors in C/C++ programs remain the most common source of security
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …
A survey: When moving target defense meets game theory
J Tan, H Jin, H Zhang, Y Zhang, D Chang, X Liu… - Computer Science …, 2023 - Elsevier
Moving target defense (MTD) can break through asymmetry between attackers and
defenders. To improve the effectiveness of cybersecurity defense techniques, defense …
defenders. To improve the effectiveness of cybersecurity defense techniques, defense …
Data-oriented programming: On the expressiveness of non-control data attacks
As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
{Control-Flow} bending: On the effectiveness of {Control-Flow} integrity
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity Page 1 Open access to
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …
Ryoan: A distributed sandbox for untrusted computation on secret data
Users of modern data-processing services such as tax preparation or genomic screening
are forced to trust them with data that the users wish to keep secret. Ryoan1 protects secret …
are forced to trust them with data that the users wish to keep secret. Ryoan1 protects secret …
The cybersecurity landscape in industrial control systems
Industrial control systems (ICSs) are transitioning from legacy-electromechanical-based
systems to modern information and communication technology (ICT)-based systems …
systems to modern information and communication technology (ICT)-based systems …
Code-pointer integrity
In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …
Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications
F Schuster, T Tendyck, C Liebchen… - … IEEE Symposium on …, 2015 - ieeexplore.ieee.org
Code reuse attacks such as return-oriented programming (ROP) have become prevalent
techniques to exploit memory corruption vulnerabilities in software programs. A variety of …
techniques to exploit memory corruption vulnerabilities in software programs. A variety of …
Control flow and code integrity for COTS binaries: An effective defense against real-world ROP attacks
Despite decades of sustained effort, memory corruption attacks continue to be one of the
most serious security threats faced today. They are highly sought after by attackers, as they …
most serious security threats faced today. They are highly sought after by attackers, as they …
Enforcing {Forward-Edge}{Control-Flow} integrity in {GCC} & {LLVM}
C Tice, T Roeder, P Collingbourne… - 23rd USENIX security …, 2014 - usenix.org
Constraining dynamic control transfers is a common technique for mitigating software
vulnerabilities. This defense has been widely and successfully used to protect return …
vulnerabilities. This defense has been widely and successfully used to protect return …