Control-flow integrity: Precision, security, and performance
Memory corruption errors in C/C++ programs remain the most common source of security
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …
Automatic vulnerability detection in embedded devices and firmware: Survey and layered taxonomies
In the era of the internet of things (IoT), software-enabled inter-connected devices are of
paramount importance. The embedded systems are very frequently used in both security …
paramount importance. The embedded systems are very frequently used in both security …
Lemna: Explaining deep learning based security applications
While deep learning has shown a great potential in various domains, the lack of
transparency has limited its application in security or safety-critical areas. Existing research …
transparency has limited its application in security or safety-critical areas. Existing research …
Data-oriented programming: On the expressiveness of non-control data attacks
As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
{Control-Flow} bending: On the effectiveness of {Control-Flow} integrity
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity Page 1 Open access to
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …
The cybersecurity landscape in industrial control systems
Industrial control systems (ICSs) are transitioning from legacy-electromechanical-based
systems to modern information and communication technology (ICT)-based systems …
systems to modern information and communication technology (ICT)-based systems …
Code-pointer integrity
In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …
Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications
F Schuster, T Tendyck, C Liebchen… - … IEEE Symposium on …, 2015 - ieeexplore.ieee.org
Code reuse attacks such as return-oriented programming (ROP) have become prevalent
techniques to exploit memory corruption vulnerabilities in software programs. A variety of …
techniques to exploit memory corruption vulnerabilities in software programs. A variety of …
C-FLAT: control-flow attestation for embedded systems software
Remote attestation is a crucial security service particularly relevant to increasingly popular
IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a …
IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a …
Enforcing {Forward-Edge}{Control-Flow} integrity in {GCC} & {LLVM}
C Tice, T Roeder, P Collingbourne… - 23rd USENIX security …, 2014 - usenix.org
Constraining dynamic control transfers is a common technique for mitigating software
vulnerabilities. This defense has been widely and successfully used to protect return …
vulnerabilities. This defense has been widely and successfully used to protect return …