Cyber-attacks are becoming more sophisticated and thereby presenting increasing
challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade …

The detection of software vulnerability requires critical attention during the development
phase to make it secure and less vulnerable. Vulnerable software always invites hackers to …

Static bug detection has shown its effectiveness in detecting well-defined memory errors, eg,
memory leaks, buffer overflows, and null dereference. However, modern software systems …

WebAssembly is an increasingly popular compilation target designed to run code in
browsers and on other platforms safely and securely, by strictly separating code and data …

Control-Flow Bending: On the Effectiveness of Control-Flow Integrity Page 1 Open access to
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …

Smart contracts are software programs featuring both traditional applications and distributed
data storage on blockchains. Ethereum is a prominent blockchain platform with the support …

Memory corruption bugs in software written in low-level languages like C or C++ are one of
the oldest problems in computer security. The lack of safety in these languages allows …

In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …

Analyzing the security of closed source binaries is currently impractical for end-users, or
even developers who rely on third-party libraries. Such analysis relies on automatic …

Recent transient-execution attacks, such as RIDL, Fallout, and ZombieLoad, demonstrated
that attackers can leak information while it transits through microarchitectural buffers. Named …