From hack to elaborate technique—a survey on binary rewriting
Binary rewriting is changing the semantics of a program without having the source code at
hand. It is used for diverse purposes, such as emulation (e.g., QEMU), optimization (e.g. …
A tough call: Mitigating advanced code-reuse attacks at the binary level
Current binary-level Control-Flow Integrity (CFI) techniques are weak in determining the set
of valid targets for indirect control flow transfers on the forward edge. In particular, the lack of …
libmpk: Software abstraction for Intel Memory Protection Keys (Intel MPK)
Intel Memory Protection Keys (MPK) is a new hardware primitive to support thread-local
permission control on groups of pages without requiring modification of page tables …
An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries
It is well-known that static disassembly is an unsolved problem, but how much of a problem
is it in real software—for instance, for binary protection schemes? This work studies the …
HDFI: Hardware-assisted data-flow isolation
Memory corruption vulnerabilities are the root cause of many modern attacks. Existing
defense mechanisms are inadequate; in general, the software-based approaches are not …
StateFormer: fine-grained type recovery from binaries using generative state modeling
Binary type inference is a critical reverse engineering task supporting many security
applications, including vulnerability analysis, binary hardening, forensics, and …
Compiler-agnostic function detection in binaries
We propose Nucleus, a novel function detection algorithm for binaries. In contrast to prior
work, Nucleus is compiler-agnostic, and does not require any learning phase or signature …
HCFI: Hardware-enforced control-flow integrity
Control-flow hijacking is the principal method for code-reuse techniques like Return-oriented
Programming (ROP) and Jump-oriented Programming (JOP). For defending against such …
Protecting C++ Dynamic Dispatch Through VTable Interleaving
With new defenses against traditional control-flow attacks like stack buffer overflows,
attackers are increasingly using more advanced mechanisms to take control of execution …
Finding cracks in shields: On the security of control flow integrity mechanisms
Control-flow integrity (CFI) is a promising technique to mitigate control-flow hijacking attacks.
In the past decade, dozens of CFI mechanisms have been proposed by researchers …