Data-oriented programming: On the expressiveness of non-control data attacks

H Hu, S Shinde, S Adrian, ZL Chua… - … IEEE Symposium on …, 2016 - ieeexplore.ieee.org
As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …

Automatic Generation of Data-Oriented Exploits

H Hu, ZL Chua, S Adrian, P Saxena… - 24th USENIX Security …, 2015 - usenix.org
As defense solutions against control-flow hijacking attacks gain wide deployment, control-
oriented exploits from memory errors become difficult. As an alternative, attacks targeting …

Block oriented programming: Automating data-only attacks

KK Ispoglou, B AlBassam, T Jaeger… - Proceedings of the 2018 …, 2018 - dl.acm.org
With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking
attacks, and consequently code reuse attacks, are significantly more difficult. CFI limits …

Opaque Control-Flow Integrity.

V Mohan, P Larsen, S Brunthaler… - …, 2015 - publications.sba-research.org
A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is
presented, which is the first to efficiently resist code-reuse attacks launched by informed …

KCoFI: Complete control-flow integrity for commodity operating system kernels

J Criswell, N Dautenhahn… - 2014 IEEE symposium on …, 2014 - ieeexplore.ieee.org
We present a new system, KCoFI, that is the first we know of to provide complete Control-
Flow Integrity protection for commodity operating systems without using heavyweight …

Losing control: On the effectiveness of control-flow integrity under stack attacks

M Conti, S Crane, L Davi, M Franz, P Larsen… - Proceedings of the …, 2015 - dl.acm.org
Adversaries exploit memory corruption vulnerabilities to hijack a program's control flow and
gain arbitrary code execution. One promising mitigation, control-flow integrity (CFI), has …

Inception: Exposing new attack surfaces with training in transient execution

D Trujillo, J Wikner, K Razavi - 32nd USENIX Security Symposium …, 2023 - usenix.org
To protect against transient control-flow hijacks, software relies on a secure state of
microarchitectural buffers that are involved in branching decisions. To achieve this secure …

Efficient Protection of Path-Sensitive Control Security

R Ding, C Qian, C Song, B Harris, T Kim… - 26th USENIX Security …, 2017 - usenix.org
Control-Flow Integrity (CFI), as a means to prevent control-flow hijacking attacks, enforces
that each instruction transfers control to an address in a set of valid targets. The security …

Out of control: Overcoming control-flow integrity

E Göktas, E Athanasopoulos, H Bos… - … IEEE Symposium on …, 2014 - ieeexplore.ieee.org
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined
attackers from exploiting our software, interest in Control Flow Integrity (CFI) is growing. In its …

HCFI: Hardware-enforced control-flow integrity

N Christoulakis, G Christou, E Athanasopoulos… - Proceedings of the …, 2016 - dl.acm.org
Control-flow hijacking is the principal method for code-reuse techniques like Return-oriented
Programming (ROP) and Jump-oriented Programming (JOP). For defending against such …