Cyber-attacks are becoming more sophisticated and thereby presenting increasing
challenges in accurately detecting intrusions. Failure to prevent the intrusions could degrade …

The detection of software vulnerability requires critical attention during the development
phase to make it secure and less vulnerable. Vulnerable software always invites hackers to …

Static bug detection has shown its effectiveness in detecting well-defined memory errors, eg,
memory leaks, buffer overflows, and null dereference. However, modern software systems …

Control-Flow Bending: On the Effectiveness of Control-Flow Integrity Page 1 Open access to
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …

In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …

Memory corruption bugs in software written in low-level languages like C or C++ are one of
the oldest problems in computer security. The lack of safety in these languages allows …

Smart contracts are software programs featuring both traditional applications and distributed
data storage on blockchains. Ethereum is a prominent blockchain platform with the support …

Despite decades of sustained effort, memory corruption attacks continue to be one of the
most serious security threats faced today. They are highly sought after by attackers, as they …

Fine-grained address space layout randomization (ASLR) has recently been proposed as a
method of efficiently mitigating runtime attacks. In this paper, we introduce the design and …

Constraining dynamic control transfers is a common technique for mitigating software
vulnerabilities. This defense has been widely and successfully used to protect return …