Return-oriented programming without returns
We show that on both the x86 and ARM architectures it is possible to mount return-oriented
programming attacks without using return instructions. Our attacks instead make use of …
Privilege escalation attacks on android
Android is a modern and popular software platform for smartphones. Among its predominant
features is an advanced security model which is based on application-oriented mandatory …
Principles and implementation techniques of software-based fault isolation
G Tan - Foundations and Trends® in Privacy and Security, 2017 - nowpublishers.com
When protecting a computer system, it is often necessary to isolate an untrusted component
into a separate protection domain and provide only controlled interaction between the …
WaVe: a verifiably secure WebAssembly sandboxing runtime
The promise of software sandboxing is flexible, fast and portable isolation; capturing the
benefits of hardware-based memory protection without requiring operating system …
Droidchecker: analyzing android applications for capability leak
PPF Chan, LCK Hui, SM Yiu - Proceedings of the fifth ACM conference …, 2012 - dl.acm.org
While Apple has checked every app available on the App Store, Google takes another
approach that allows anyone to publish apps on the Android Market. The openness of the …
Private-library-oriented code generation with large language models
Large language models (LLMs), such as Codex and GPT-4, have recently showcased their
remarkable code generation abilities, facilitating a significant boost in coding efficiency. This …
Favocado: Fuzzing the Binding Code of JavaScript Engines Using Semantically Correct Test Cases.
JavaScript runtime systems include some specialized programming interfaces, called
binding layers. Binding layers translate data representations between JavaScript and unsafe …
A multilanguage static analysis of python programs with native C extensions
Modern programs are increasingly multilanguage, to benefit from each programming
language's advantages and to reuse libraries. For example, developers may want to …
Detecting cross-language memory management issues in rust
Rust is a promising system-level programming language that can prevent memory
corruption bugs using its strong type system and ownership-based memory management …
On tracking information flows through jni in android applications
Android provides native development kit through JNI for developing high-performance
applications (or simply apps). Although recent years have witnessed a considerable …