Nibbler: debloating binary shared libraries

I Agadakos, D Jin, D Williams-King… - Proceedings of the 35th …, 2019 - dl.acm.org
Developers today have access to an arsenal of toolkits and libraries for rapid application
prototyping. However, when an application loads a library, the entirety of that library's code …

Compiler-assisted code randomization

H Koo, Y Chen, L Lu, VP Kemerlis… - … IEEE symposium on …, 2018 - ieeexplore.ieee.org
Despite decades of research on software diversification, only address space layout
randomization has seen widespread adoption. Code randomization, an effective defense …

The dynamics of innocent flesh on the bone: Code reuse ten years later

V van der Veen, D Andriesse… - Proceedings of the …, 2017 - dl.acm.org
In 2007, Shacham published a seminal paper on Return-Oriented Programming (ROP), the
first systematic formulation of code reuse. The paper has been highly influential, profoundly …

HARM: Hardware-assisted continuous re-randomization for microcontrollers

J Shi, L Guan, W Li, D Zhang, P Chen… - 2022 IEEE 7th …, 2022 - ieeexplore.ieee.org
Microcontroller-based embedded systems have become ubiquitous with the emergence of
IoT technology. Given its critical roles in many applications, its security is becoming …

CoDaRR: Continuous data space randomization against data-only attacks

P Rajasekaran, S Crane, D Gens, Y Na… - Proceedings of the 15th …, 2020 - dl.acm.org
The widespread deployment of exploit mitigations such as CFI and shadow stacks are
making code-reuse attacks increasingly difficult. This has forced adversaries to consider …

Seimi: Efficient and secure SMAP-enabled intra-process memory isolation

Z Wang, C Wu, M Xie, Y Zhang, K Lu… - … IEEE Symposium on …, 2020 - ieeexplore.ieee.org
Memory-corruption attacks such as code-reuse attacks and data-only attacks have been a
key threat to systems security. To counter these threats, researchers have proposed a variety …

What you can read is what you can't execute

YG Li, JZ Cai, Y Bao, YC Chung - Computers & Security, 2023 - Elsevier
Due to the address space layout randomization (ASLR), code reuse attacks (CRAs) require
memory probes to get available gadgets. Code reading is the basic way to obtain code …

SofTEE: Software-based trusted execution environment for user applications

U Lee, C Park - IEEE Access, 2020 - ieeexplore.ieee.org
Commodity operating systems are considered vulnerable. Therefore, when an application
handles security-sensitive data, it is highly recommended to run the application in a trusted …

Large-scale debloating of binary shared libraries

I Agadakos, N Demarinis, D Jin… - … Threats: Research and …, 2020 - dl.acm.org
Developers nowadays have access to an arsenal of toolkits and libraries for rapid
application prototyping. However, when an application loads a library, the entirety of that …

SeBROP: blind ROP attacks without returns

T Zhang, M Cai, D Zhang, H Huang - Frontiers of Computer Science, 2022 - Springer
Currently, security-critical server programs are well protected by various defense
techniques, such as Address Space Layout Randomization (ASLR), eXecute Only Memory …