Code-pointer integrity

V Kuznetzov, L Szekeres, M Payer, G Candea… - The Continuing Arms …, 2018 - dl.acm.org
In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) …

Verifying Constant-Time Implementations

JB Almeida, M Barbosa, G Barthe… - 25th USENIX Security …, 2016 - usenix.org
The constant-time programming discipline is an effective countermeasure against timing
attacks, which can lead to complete breaks of otherwise secure systems. However, adhering …

Practical context-sensitive CFI

V Van der Veen, D Andriesse, E Göktaş… - Proceedings of the …, 2015 - dl.acm.org
Current Control-Flow Integrity (CFI) implementations track control edges individually,
insensitive to the context of preceding edges. Recent work demonstrates that this leaves …

Control jujutsu: On the weaknesses of fine-grained control flow integrity

I Evans, F Long, U Otgonbaatar, H Shrobe… - Proceedings of the …, 2015 - dl.acm.org
Control flow integrity (CFI) has been proposed as an approach to defend against control-
hijacking memory corruption attacks. CFI works by assigning tags to indirect branch targets …

Strictly declarative specification of sophisticated points-to analyses

M Bravenboer, Y Smaragdakis - Proceedings of the 24th ACM SIGPLAN …, 2009 - dl.acm.org
We present the DOOP framework for points-to analysis of Java programs. DOOP builds on
the idea of specifying pointer analysis algorithms declaratively, using Datalog: a logic-based …

KCoFI: Complete control-flow integrity for commodity operating system kernels

J Criswell, N Dautenhahn… - 2014 IEEE symposium on …, 2014 - ieeexplore.ieee.org
We present a new system, KCoFI, that is the first we know of to provide complete Control-
Flow Integrity protection for commodity operating systems without using heavyweight …

A predictable execution model for COTS-based embedded systems

R Pellizzoni, E Betti, S Bak, G Yao… - 2011 17th IEEE Real …, 2011 - ieeexplore.ieee.org
Building safety-critical real-time systems out of inexpensive, non-real-time, COTS
components is challenging. Although COTS components generally offer high performance …

Heap abstractions for static analysis

V Kanvar, UP Khedker - ACM Computing Surveys (CSUR), 2016 - dl.acm.org
Heap data is potentially unbounded and seemingly arbitrary. Hence, unlike stack and static
data, heap data cannot be abstracted in terms of a fixed set of program variables. This …

Losing control: On the effectiveness of control-flow integrity under stack attacks

M Conti, S Crane, L Davi, M Franz, P Larsen… - Proceedings of the …, 2015 - dl.acm.org
Adversaries exploit memory corruption vulnerabilities to hijack a program's control flow and
gain arbitrary code execution. One promising mitigation, control-flow integrity (CFI), has …

Baggy Bounds Checking: An Efficient and Backwards-Compatible Defense against Out-of-Bounds Errors

P Akritidis, M Costa, M Castro, S Hand - USENIX Security Symposium, 2009 - usenix.org
Attacks that exploit out-of-bounds errors in C and C++ programs are still prevalent despite
many years of research on bounds checking. Previous backwards compatible bounds …