Memory corruption errors in C/C++ programs remain the most common source of security
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …

Various system metrics have been proposed for measuring the quality of computer-based
systems, such as dependability and security metrics for estimating their performance and …

As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …

Industrial control systems (ICSs) are transitioning from legacy-electromechanical-based
systems to modern information and communication technology (ICT)-based systems …

In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …

Remote attestation is a crucial security service particularly relevant to increasingly popular
IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a …

WebAssembly is an increasingly popular compilation target designed to run code in
browsers and on other platforms safely and securely, by strictly separating code and data …

Current Control-Flow Integrity (CFI) implementations track control edges individually,
insensitive to the context of preceding edges. Recent work demonstrates that this leaves …

Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs.
Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge, ie, indirect …

Control flow integrity (CFI) has been proposed as an approach to defend against control-
hijacking memory corruption attacks. CFI works by assigning tags to indirect branch targets …