The C and C++ programming languages are notoriously insecure yet remain indispensable.
Developers therefore resort to a multi-pronged approach to find security issues before …

Application requirements evolve over time and the underlying protocols need to adapt. Most
transport protocols evolve by negotiating protocol extensions during the handshake …

The CHERI architecture allows pointers to be implemented as capabilities (rather than
integer virtual addresses) in a manner that is compatible with, and strengthens, the …

This technical report describes CHERI ISAv7, the seventh version of the Capability
Hardware Enhanced RISC Instructions (CHERI) Instruction-Set Architecture (ISA) being …

We present CHERI Concentrate, a new fat-pointer compression scheme applied to CHERI,
the most developed capability-pointer system at present. Capability fat pointers are a …

A memory safety violation occurs when a program has an out-of-bound (spatial safety) or
use-after-free (temporal safety) memory access. Given its importance as a security …

Fuzzing is a software testing technique that quickly and automatically explores the input
space of a program without knowing its internals. Therefore, developers commonly use …

WebAssembly (Wasm) is a low-level platform-independent bytecode language. Today,
developers can compile C/C++ to Wasm and run it everywhere, at almost native speeds …

Most functional languages rely on some kind of garbage collection for automatic memory
management. They usually eschew reference counting in favor of a tracing garbage …

Gaining reliable arbitrary code execution through the exploitation of memory corruption
vulnerabilities is becoming increasingly more difficult in the face of modern exploit …