A survey on systems security metrics
M Pendleton, R Garcia-Lebron, JH Cho… - ACM Computing Surveys …, 2016 - dl.acm.org
Security metrics have received significant attention. However, they have not been
systematically explored based on the understanding of attack-defense interactions, which …
systematically explored based on the understanding of attack-defense interactions, which …
Moving target defense techniques: A survey
C Lei, HQ Zhang, JL Tan, YC Zhang… - Security and …, 2018 - Wiley Online Library
As an active defense technique to change asymmetry in cyberattack‐defense confrontation,
moving target defense research has become one of the hot spots. In order to gain better …
moving target defense research has become one of the hot spots. In order to gain better …
Internet of Things: A survey on the security of IoT frameworks
M Ammar, G Russello, B Crispo - Journal of Information Security and …, 2018 - Elsevier
Abstract The Internet of Things (IoT) is heavily affecting our daily lives in many domains,
ranging from tiny wearable devices to large industrial systems. Consequently, a wide variety …
ranging from tiny wearable devices to large industrial systems. Consequently, a wide variety …
Software grand exposure:{SGX} cache attacks are practical
F Brasser, U Müller, A Dmitrienko… - 11th USENIX workshop …, 2017 - usenix.org
Intel SGX isolates the memory of security-critical applications from the untrusted OS.
However, it has been speculated that SGX may be vulnerable to side-channel attacks …
However, it has been speculated that SGX may be vulnerable to side-channel attacks …
Data-oriented programming: On the expressiveness of non-control data attacks
As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
Code-pointer integrity
In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …
The cybersecurity landscape in industrial control systems
Industrial control systems (ICSs) are transitioning from legacy-electromechanical-based
systems to modern information and communication technology (ICT)-based systems …
systems to modern information and communication technology (ICT)-based systems …
Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications
F Schuster, T Tendyck, C Liebchen… - … IEEE Symposium on …, 2015 - ieeexplore.ieee.org
Code reuse attacks such as return-oriented programming (ROP) have become prevalent
techniques to exploit memory corruption vulnerabilities in software programs. A variety of …
techniques to exploit memory corruption vulnerabilities in software programs. A variety of …
[PDF][PDF] ASLR on the Line: Practical Cache Attacks on the MMU.
Address space layout randomization (ASLR) is an important first line of defense against
memory corruption attacks and a building block for many modern countermeasures. Existing …
memory corruption attacks and a building block for many modern countermeasures. Existing …
Jump over ASLR: Attacking branch predictors to bypass ASLR
D Evtyushkin, D Ponomarev… - 2016 49th Annual …, 2016 - ieeexplore.ieee.org
Address Space Layout Randomization (ASLR) is a widely-used technique that protects
systems against a range of attacks. ASLR works by randomizing the offset of key program …
systems against a range of attacks. ASLR works by randomizing the offset of key program …