The maturation of the Web platform has given rise to sophisticated and demanding Web
applications such as interactive 3D visualization, audio and video software, and games. With …

Intel SGX hardware enables applications to protect themselves from potentially-malicious
OSes or hypervisors. In cloud computing and other systems, many users and applications …

Intel SGX isolates the memory of security-critical applications from the untrusted OS.
However, it has been speculated that SGX may be vulnerable to side-channel attacks …

Sanctum offers the same promise as Intel's Software Guard Extensions (SGX), namely
strong provable isolation of software modules running concurrently and sharing resources …

Today's cloud computing infrastructure requires substantial trust. Cloud users rely on both
the provider's staff and its globally distributed software/hardware platform not to expose any …

Control-Flow Bending: On the Effectiveness of Control-Flow Integrity Page 1 Open access to
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …

Users of modern data-processing services such as tax preparation or genomic screening
are forced to trust them with data that the users wish to keep secret. Ryoan1 protects secret …

In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …

Memory corruption bugs in software written in low-level languages like C or C++ are one of
the oldest problems in computer security. The lack of safety in these languages allows …

Address space layout randomization (ASLR) is an important first line of defense against
memory corruption attacks and a building block for many modern countermeasures. Existing …