A Haas, A Rossberg, DL Schuff, BL Titzer… - Proceedings of the 38th …, 2017 - dl.acm.org
The maturation of the Web platform has given rise to sophisticated and demanding Web applications such as interactive 3D visualization, audio and video software, and games. With …
KS Lhee, SJ Chapin - Software: practice and experience, 2003 - Wiley Online Library
Buffer overflow vulnerabilities are among the most widespread of security problems. Numerous incidents of buffer overflow attacks have been reported and many solutions have …
Rust is a new systems programming language that promises to overcome the seemingly fundamental tradeoff between high-level safety guarantees and low-level control over …
H Hu, S Shinde, S Adrian, ZL Chua… - … IEEE Symposium on …, 2016 - ieeexplore.ieee.org
As control-flow hijacking defenses gain adoption, it is important to understand the remaining capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity Page 1 Open access to the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …
In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …
Memory corruption bugs in software written in low-level languages like C or C++ are one of the oldest problems in computer security. The lack of safety in these languages allows …
CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory …
Motivated by contemporary security challenges, we reevaluate and refine capability-based addressing for the RISC era. We present CHERI, a hybrid capability model that extends the …