Memory corruption errors in C/C++ programs remain the most common source of security
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …

Software obfuscation has always been a controversially discussed research area. While
theoretical results indicate that provably secure obfuscation in general is impossible, its …

Modern processors use branch prediction and speculative execution to maximize
performance. For example, if the destination of a branch depends on a memory value that is …

The recent Spectre attack first showed how to inject incorrect branch targets into a victim
domain by poisoning microarchitectural branch prediction history. In this paper, we …

Research on transient execution attacks including Spectre and Meltdown showed that
exception or branch misprediction events might leave secret-dependent traces in the CPU's …

Coverage-guided fuzzing is a widely used and effective solution to find software
vulnerabilities. Tracking code coverage and utilizing it to guide fuzzing are crucial to …

Speculative execution side-channel vulnerabilities in micro-architecture processors have
raised concerns about the security of Intel SGX. To understand clearly the security impact of …

Finding and exploiting vulnerabilities in binary code is a challenging task. The lack of high-
level, semantically rich information about data structures and control constructs makes the …

As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …

Control-Flow Bending: On the Effectiveness of Control-Flow Integrity Page 1 Open access to
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …