Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization
Fine-grained address space layout randomization (ASLR) has recently been proposed as a
method of efficiently mitigating runtime attacks. In this paper, we introduce the design and …
method of efficiently mitigating runtime attacks. In this paper, we introduce the design and …
LLVM: A compilation framework for lifelong program analysis & transformation
C Lattner, V Adve - … on code generation and optimization, 2004 …, 2004 - ieeexplore.ieee.org
We describe LLVM (low level virtual machine), a compiler framework designed to support
transparent, lifelong program analysis and transformation for arbitrary programs, by …
transparent, lifelong program analysis and transformation for arbitrary programs, by …
SoftBound: Highly compatible and complete spatial memory safety for C
The serious bugs and security vulnerabilities facilitated by C/C++'s lack of bounds checking
are well known, yet C and C++ remain in widespread use. Unfortunately, C's arbitrary …
are well known, yet C and C++ remain in widespread use. Unfortunately, C's arbitrary …
CETS: compiler enforced temporal safety for C
Temporal memory safety errors, such as dangling pointer dereferences and double frees,
are a prevalent source of software bugs in unmanaged languages such as C. Existing …
are a prevalent source of software bugs in unmanaged languages such as C. Existing …
DieHard: Probabilistic memory safety for unsafe languages
Applications written in unsafe languages like C and C++ are vulnerable to memory errors
such as buffer overflows, dangling pointers, and reads of uninitialized data. Such errors can …
such as buffer overflows, dangling pointers, and reads of uninitialized data. Such errors can …
Embedded systems security—an overview
S Parameswaran, T Wolf - Design Automation for Embedded Systems, 2008 - Springer
Security is an important aspect of embedded system design. The characteristics of
embedded systems give rise to a number of novel vulnerabilities. A variety of different …
embedded systems give rise to a number of novel vulnerabilities. A variety of different …
Runtime countermeasures for code injection attacks against C and C++ programs
Y Younan, W Joosen, F Piessens - ACM Computing Surveys (CSUR), 2012 - dl.acm.org
The lack of memory safety in C/C++ often leads to vulnerabilities. Code injection attacks
exploit these vulnerabilities to gain control over the execution flow of applications. These …
exploit these vulnerabilities to gain control over the execution flow of applications. These …
Hardbound: Architectural support for spatial safety of the C programming language
The C programming language is at least as well known for its absence of spatial memory
safety guarantees (ie, lack of bounds checking) as it is for its high performance. C's …
safety guarantees (ie, lack of bounds checking) as it is for its high performance. C's …
Undangle: early detection of dangling pointers in use-after-free and double-free vulnerabilities
Use-after-free vulnerabilities are rapidly growing in popularity, especially for exploiting web
browsers. Use-after-free (and double-free) vulnerabilities are caused by a program …
browsers. Use-after-free (and double-free) vulnerabilities are caused by a program …
Enhancing Server Availability and Security Through Failure-Oblivious Computing.
We present a new technique, failure-oblivious computing, that enables servers to execute
through memory errors without memory corruption. Our safe compiler for C inserts checks …
through memory errors without memory corruption. Our safe compiler for C inserts checks …