Formal approaches to secure compilation: A survey of fully abstract compilation and related work
Secure compilation is a discipline aimed at develo** compilers that preserve the security
properties of the source programs they take as input in the target programs they produce as …
properties of the source programs they take as input in the target programs they produce as …
Toward engineering a secure android ecosystem: A survey of existing techniques
The openness and extensibility of Android have made it a popular platform for mobile
devices and a strong candidate to drive the Internet-of-Things. Unfortunately, these …
devices and a strong candidate to drive the Internet-of-Things. Unfortunately, these …
Data-oriented programming: On the expressiveness of non-control data attacks
As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
VC3: Trustworthy data analytics in the cloud using SGX
We present VC3, the first system that allows users to run distributed MapReduce
computations in the cloud while kee** their code and data secret, and ensuring the …
computations in the cloud while kee** their code and data secret, and ensuring the …
{Control-Flow} bending: On the effectiveness of {Control-Flow} integrity
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity Page 1 Open access to
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …
the Proceedings of the 24th USENIX Security Symposium is sponsored by USENIX Control-Flow …
Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications
Code reuse attacks such as return-oriented programming (ROP) have become prevalent
techniques to exploit memory corruption vulnerabilities in software programs. A variety of …
techniques to exploit memory corruption vulnerabilities in software programs. A variety of …
[PDF][PDF] ASLR on the Line: Practical Cache Attacks on the MMU.
Address space layout randomization (ASLR) is an important first line of defense against
memory corruption attacks and a building block for many modern countermeasures. Existing …
memory corruption attacks and a building block for many modern countermeasures. Existing …
C-FLAT: control-flow attestation for embedded systems software
Remote attestation is a crucial security service particularly relevant to increasingly popular
IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a …
IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a …
Control flow and code integrity for COTS binaries: An effective defense against real-world ROP attacks
Despite decades of sustained effort, memory corruption attacks continue to be one of the
most serious security threats faced today. They are highly sought after by attackers, as they …
most serious security threats faced today. They are highly sought after by attackers, as they …
Speculative buffer overflows: Attacks and defenses
Practical attacks that exploit speculative execution can leak confidential information via
microarchitectural side channels. The recently-demonstrated Spectre attacks leverage …
microarchitectural side channels. The recently-demonstrated Spectre attacks leverage …