Control flow and code integrity for COTS binaries: An effective defense against real-world ROP attacks

M Zhang, R Sekar - Proceedings of the 31st Annual Computer Security …, 2015 - dl.acm.org
Despite decades of sustained effort, memory corruption attacks continue to be one of the
most serious security threats faced today. They are highly sought after by attackers, as they …

Prefetch side-channel attacks: Bypassing SMAP and kernel ASLR

D Gruss, C Maurice, A Fogh, M Lipp… - Proceedings of the 2016 …, 2016 - dl.acm.org
Modern operating systems use hardware support to protect against control-flow hijacking
attacks such as code-injection attacks. Typically, write access to executable pages is …

Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization

KZ Snow, F Monrose, L Davi… - … IEEE symposium on …, 2013 - ieeexplore.ieee.org
Fine-grained address space layout randomization (ASLR) has recently been proposed as a
method of efficiently mitigating runtime attacks. In this paper, we introduce the design and …

Practical timing side channel attacks against kernel space ASLR

R Hund, C Willems, T Holz - 2013 IEEE Symposium on Security …, 2013 - ieeexplore.ieee.org
Due to the prevalence of control-flow hijacking attacks, a wide variety of defense methods to
protect both user space and kernel space code have been developed in the past years. A …

Hypervision across worlds: Real-time kernel protection from the ARM TrustZone secure world

AM Azab, P Ning, J Shah, Q Chen, R Bhutkar… - Proceedings of the …, 2014 - dl.acm.org
TrustZone-based Real-time Kernel Protection (TZ-RKP) is a novel system that provides
real-time protection of the OS kernel using the ARM TrustZone secure world. TZ-RKP is more …

Jump-oriented programming: a new class of code-reuse attack

T Bletsch, X Jiang, VW Freeh, Z Liang - … of the 6th ACM symposium on …, 2011 - dl.acm.org
Return-oriented programming is an effective code-reuse attack in which short code
sequences ending in a ret instruction are found within existing binaries and executed in …

Return-oriented programming without returns

S Checkoway, L Davi, A Dmitrienko… - Proceedings of the 17th …, 2010 - dl.acm.org
We show that on both the x86 and ARM architectures it is possible to mount return-oriented
programming attacks without using return instructions. Our attacks instead make use of …

Return-oriented programming: Systems, languages, and applications

R Roemer, E Buchanan, H Shacham… - ACM Transactions on …, 2012 - dl.acm.org
We introduce return-oriented programming, a technique by which an attacker can induce
arbitrary behavior in a program whose control flow he has diverted, without injecting any …

Smashing the gadgets: Hindering return-oriented programming using in-place code randomization

V Pappas, M Polychronakis… - 2012 IEEE Symposium …, 2012 - ieeexplore.ieee.org
The wide adoption of non-executable page protections in recent versions of popular
operating systems has given rise to attacks that employ return-oriented programming (ROP) …

HyperSafe: A lightweight approach to provide lifetime hypervisor control-flow integrity

Z Wang, X Jiang - 2010 IEEE symposium on security and …, 2010 - ieeexplore.ieee.org
Virtualization is being widely adopted in today's computing systems. Its unique security
advantages in isolating and introspecting commodity OSes as virtual machines (VMs) have …