Control-flow integrity: Precision, security, and performance
Memory corruption errors in C/C++ programs remain the most common source of security
vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption …
From hack to elaborate technique—a survey on binary rewriting
Binary rewriting is changing the semantics of a program without having the source code at
hand. It is used for diverse purposes, such as emulation (e.g., QEMU), optimization (e.g., …
Data-oriented programming: On the expressiveness of non-control data attacks
As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …
Control flow and code integrity for COTS binaries: An effective defense against real-world ROP attacks
Despite decades of sustained effort, memory corruption attacks continue to be one of the
most serious security threats faced today. They are highly sought after by attackers, as they …
Everything old is new again: Binary security of WebAssembly
WebAssembly is an increasingly popular compilation target designed to run code in
browsers and on other platforms safely and securely, by strictly separating code and data …
SoK: Shining light on shadow stacks
Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs.
Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge, i.e., indirect …
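The forward-edge CFI policy these entries refer to restricts each indirect call to a set of valid targets. As an added illustration (not code from any of the listed papers), the C program below implements that policy in software: legitimate targets of one function-pointer type are registered in a per-type set, every indirect call through that type is checked against the set, and a pointer an attacker has redirected to an unregistered function is rejected. The names (`cfi_register_target`, `cfi_check`, `guarded_call`, `run_demo`) and the corrupted-pointer scenario are constructed for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Hypothetical software forward-edge CFI check (added example).
 * Policy: an indirect call through a handler_fn pointer may only reach
 * functions that were registered as valid targets for that type. */

typedef int (*handler_fn)(int);

static int handler_double(int x) { return 2 * x; }
static int handler_square(int x) { return x * x; }

/* Deliberately NOT registered: a function of matching signature that a
 * corrupted pointer might be redirected to. */
static int privileged_op(int x) { (void)x; return -1; }

#define MAX_TARGETS 8
#define CFI_VIOLATION (-0x7fffffff)   /* sentinel returned instead of calling */

static handler_fn allowed_targets[MAX_TARGETS];
static size_t n_allowed;

/* Add a function to the valid target set for handler_fn (idempotent). */
static void cfi_register_target(handler_fn fn) {
    for (size_t i = 0; i < n_allowed; i++)
        if (allowed_targets[i] == fn) return;
    if (n_allowed < MAX_TARGETS) allowed_targets[n_allowed++] = fn;
}

/* Returns 1 if fn is a member of the valid target set, 0 otherwise. */
static int cfi_check(handler_fn fn) {
    for (size_t i = 0; i < n_allowed; i++)
        if (allowed_targets[i] == fn) return 1;
    return 0;
}

/* Indirect call guarded by the forward-edge check. A real CFI runtime would
 * abort on violation; here we return a sentinel so the outcome is testable. */
static int guarded_call(handler_fn fn, int arg) {
    if (!cfi_check(fn)) return CFI_VIOLATION;
    return fn(arg);
}

/* Constructed scenario: a request object holding a function pointer next to
 * a buffer. Instead of performing a real overflow, the "corrupt" flag
 * overwrites the pointer directly, standing in for the memory-corruption
 * step the attacker would otherwise need. */
struct request {
    char buf[16];
    handler_fn cb;
};

static int run_demo(int corrupt) {
    cfi_register_target(handler_double);
    cfi_register_target(handler_square);

    struct request r;
    memset(&r, 0, sizeof r);
    r.cb = handler_square;
    if (corrupt)
        r.cb = privileged_op;   /* attacker-controlled forward edge */

    return guarded_call(r.cb, 7);
}

int main(void) {
    printf("benign call:   %d\n", run_demo(0));
    printf("corrupted call: %d (%s)\n", run_demo(1),
           run_demo(1) == CFI_VIOLATION ? "blocked by CFI" : "NOT blocked");
    return 0;
}
```

The check is coarse on purpose: it accepts any registered function of the right type, which is the precision limit the binary-level CFI entries above describe; a policy that distinguishes call sites would need per-site target sets rather than one set per pointer type.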
A tough call: Mitigating advanced code-reuse attacks at the binary level
Current binary-level Control-Flow Integrity (CFI) techniques are weak in determining the set
of valid targets for indirect control flow transfers on the forward edge. In particular, the lack of …
An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries
It is well-known that static disassembly is an unsolved problem, but how much of a problem
is it in real software—for instance, for binary protection schemes? This work studies the …
Block oriented programming: Automating data-only attacks
With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking
attacks, and consequently code reuse attacks, are significantly more difficult. CFI limits …
Shuffler: fast and deployable continuous code re-randomization
While code injection attacks have been virtually eliminated on modern systems, programs
today remain vulnerable to code reuse attacks. Particularly pernicious are Just-In-Time ROP …