A cocktail approach to practical call graph construction

Y Cai, C Zhang - Proceedings of the ACM on Programming Languages, 2023 - dl.acm.org
After decades of research, constructing call graphs for modern C-based software remains
either imprecise or inefficient when scaling up to the ever-growing complexity. The main …

Abslearn: a gnn-based framework for aliasing and buffer-size information retrieval

K Liang, J Tan, D Zeng, Y Huang, X Huang… - Pattern Analysis and …, 2023 - Springer
Inferring aliasing and buffer-size information is important to understanding a C program's
memory layout, which is critical to program analysis and security-related tasks. However …

Unleashing the power of type-based call graph construction by using regional pointer information

Y Cai, Y Jin, C Zhang - 33rd USENIX Security Symposium (USENIX …, 2024 - usenix.org
When dealing with millions of lines of C code, we still cannot have the cake and eat it: type
analysis for call graph construction is scalable yet highly imprecise. We address this …

Origin-sensitive control flow integrity

MR Khandaker, W Liu, A Naser, Z Wang… - 28th USENIX Security …, 2019 - usenix.org
CFI is an effective, generic defense against control-flow hijacking attacks, especially for
C/C++ programs. However, most previous CFI systems have poor security as demonstrated …

Finding cracks in shields: On the security of control flow integrity mechanisms

Y Li, M Wang, C Zhang, X Chen, S Yang… - Proceedings of the 2020 …, 2020 - dl.acm.org
Control-flow integrity (CFI) is a promising technique to mitigate control-flow hijacking attacks.
In the past decade, dozens of CFI mechanisms have been proposed by researchers …

ARCUS: symbolic root cause analysis of exploits in production systems

C Yagemann, M Pruett, SP Chung, K Bittick… - 30th USENIX Security …, 2021 - usenix.org
End-host runtime monitors (e.g., CFI, system call IDS) flag processes in response to
symptoms of a possible attack. Unfortunately, the symptom (e.g., invalid control transfer) may …

FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking

AJ Gaidis, J Moreira, K Sun, A Milburn… - Proceedings of the 26th …, 2023 - dl.acm.org
We present the design, implementation, and evaluation of FineIBT: a CFI enforcement
mechanism that improves the precision of hardware-assisted CFI solutions, like Intel IBT, by …

Control flow and pointer integrity enforcement in a secure tagged architecture

RT Gollapudi, G Yuksek, D Demicco… - … IEEE Symposium on …, 2023 - ieeexplore.ieee.org
Control flow attacks exploit software vulnerabilities to divert the flow of control into
unintended paths to ultimately execute attack code. This paper explores the use of …

Protect the system call, protect (most of) the world with bastion

C Jelesnianski, M Ismail, Y Jang, D Williams… - Proceedings of the 28th …, 2023 - dl.acm.org
System calls are a critical building block in many serious security attacks, such as
control-flow hijacking and privilege escalation attacks. Security-sensitive system calls (e.g., execve …

TyPro: Forward CFI for C-style indirect function calls using type propagation

M Bauer, I Grishchenko, C Rossow - Proceedings of the 38th Annual …, 2022 - dl.acm.org
Maliciously-overwritten function pointers in C programs often lead to arbitrary code
execution. In principle, forward CFI schemes mitigate this problem by restricting indirect …