Control-flow integrity: Precision, security, and performance
Memory corruption errors in C/C++ programs remain the most common source of security
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …
Code-pointer integrity
In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) …
Dedup est machina: Memory deduplication as an advanced exploitation vector
Memory deduplication, a well-known technique to reduce the memory footprint across virtual
machines, is now also a default-on feature inside the Windows 8.1 and Windows 10 …
A tough call: Mitigating advanced code-reuse attacks at the binary level
Current binary-level Control-Flow Integrity (CFI) techniques are weak in determining the set
of valid targets for indirect control flow transfers on the forward edge. In particular, the lack of …
Where does it go? Refining indirect-call targets with multi-layer type analysis
System software commonly uses indirect calls to realize dynamic program behaviors.
However, indirect-calls also bring challenges to constructing a precise control-flow graph …
Typestate-guided fuzzer for discovering use-after-free vulnerabilities
Existing coverage-based fuzzers usually use the individual control flow graph (CFG) edge
coverage to guide the fuzzing process, which has shown great potential in finding …
Shuffler: fast and deployable continuous code re-randomization
D Williams-King, G Gobieski, K Williams-King… - … USENIX Symposium on …, 2016 - usenix.org
While code injection attacks have been virtually eliminated on modern systems, programs
today remain vulnerable to code reuse attacks. Particularly pernicious are Just-In-Time ROP …
HDFI: Hardware-assisted data-flow isolation
Memory corruption vulnerabilities are the root cause of many modern attacks. Existing
defense mechanisms are inadequate; in general, the software-based approaches are not …
Enforcing kernel security invariants with data flow integrity
The operating system kernel is the foundation of the whole system and is often the de facto
trusted computing base for many higher level security mechanisms. Unfortunately, kernel …
Griffin: Guarding control flows using Intel Processor Trace
Researchers are actively exploring techniques to enforce control-flow integrity (CFI), which
restricts program execution to a predefined set of targets for each indirect control transfer to …