Control-flow integrity: Precision, security, and performance
Memory corruption errors in C/C++ programs remain the most common source of security
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …
Data-oriented programming: On the expressiveness of non-control data attacks
As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
{Control-Flow} bending: On the effectiveness of {Control-Flow} integrity
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity Page 1 Open access to
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …
Code-pointer integrity
In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …
Control flow and code integrity for COTS binaries: An effective defense against real-world ROP attacks
Despite decades of sustained effort, memory corruption attacks continue to be one of the
most serious security threats faced today. They are highly sought after by attackers, as they …
most serious security threats faced today. They are highly sought after by attackers, as they …
Everything old is new again: Binary security of {WebAssembly}
WebAssembly is an increasingly popular compilation target designed to run code in
browsers and on other platforms safely and securely, by strictly separating code and data …
browsers and on other platforms safely and securely, by strictly separating code and data …
Practical context-sensitive CFI
Current Control-Flow Integrity (CFI) implementations track control edges individually,
insensitive to the context of preceding edges. Recent work demonstrates that this leaves …
insensitive to the context of preceding edges. Recent work demonstrates that this leaves …
SoK: Shining light on shadow stacks
Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs.
Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge, ie, indirect …
Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge, ie, indirect …
Automatic Generation of {Data-Oriented} Exploits
As defense solutions against control-flow hijacking attacks gain wide deployment, control-
oriented exploits from memory errors become difficult. As an alternative, attacks targeting …
oriented exploits from memory errors become difficult. As an alternative, attacks targeting …
Per-input control-flow integrity
Control-Flow Integrity (CFI) is an effective approach to mitigating control-flow hijacking
attacks. Conventional CFI techniques statically extract a control-flow graph (CFG) from a …
attacks. Conventional CFI techniques statically extract a control-flow graph (CFG) from a …