Sok: Runtime integrity
This paper provides a systematic exploration of Control Flow Integrity (CFI) and Control Flow
Attestation (CFA) mechanisms, examining their differences and relationships. It addresses …
You shall not (by) pass! practical, secure, and fast pku-based sandboxing
A Voulimeneas, J Vinck, R Mechelinck… - Proceedings of the …, 2022 - dl.acm.org
Memory Protection Keys for Userspace (PKU) is a recent hardware feature that allows
programs to assign virtual memory pages to protection domains, and to change domain …
On bridging the gap between control flow integrity and attestation schemes
M Ammar, A Abdelraoof, S Vlasceanu - 33rd USENIX Security …, 2024 - usenix.org
Control-flow hijacking attacks are still a major challenge in software security. Several means
of protection and detection have been proposed but gaps still exist. To bridge such gaps …
SoK: Integrity, Attestation, and Auditing of Program Execution
This paper provides a systematic exploration of Control Flow Integrity (CFI) and Control Flow
Attestation (CFA) mechanisms, examining their differences and relationships. It addresses …
SuM: Efficient shadow stack protection on ARM Cortex-M
System software written in unsafe languages such as C/C++ is susceptible to
various types of security vulnerabilities. Historically, backward-edges such as return …
Protect the system call, protect (most of) the world with bastion
System calls are a critical building block in many serious security attacks, such as control-
flow hijacking and privilege escalation attacks. Security-sensitive system calls (e.g., execve …
Boosting Practical Control-Flow Integrity with Complete Field Sensitivity and Origin Awareness
H Xiang, Z Cheng, J Li, J Ma, K Lu - Proceedings of the 2024 on ACM …, 2024 - dl.acm.org
Control-flow integrity (CFI) is a strong and efficient defense mechanism against memory-
corruption attacks. The practical versions of CFI, which have been integrated into compilers …
ThreadLock: Native Principal Isolation Through Memory Protection Keys
Inter-process isolation has been deployed in operating systems for decades, but secure intra-
process isolation remains an active research topic. Achieving secure intra-process isolation …
metaSafer: A Technique to detect heap metadata corruption in WebAssembly
WebAssembly (Wasm), a technology enabling efficient native code execution in web
browsers, has seen a significant rise in adoption as a popular compilation target. This has …
Enforcing C/C++ Type and Scope at Runtime for Control-Flow and Data-Flow Integrity
Control-flow hijacking and data-oriented attacks are becoming more sophisticated. These
attacks, especially data-oriented attacks, can result in critical security threats, such as …