Code-pointer integrity
In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (e.g., function pointers, saved return addresses) …
ASLR on the Line: Practical Cache Attacks on the MMU.
Address space layout randomization (ASLR) is an important first line of defense against
memory corruption attacks and a building block for many modern countermeasures. Existing …
Control flow and code integrity for COTS binaries: An effective defense against real-world ROP attacks
Despite decades of sustained effort, memory corruption attacks continue to be one of the
most serious security threats faced today. They are highly sought after by attackers, as they …
Readactor: Practical code randomization resilient to memory disclosure
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to
modern software. Designing practical and effective defenses against code-reuse attacks is …
Dedup est machina: Memory deduplication as an advanced exploitation vector
Memory deduplication, a well-known technique to reduce the memory footprint across virtual
machines, is now also a default-on feature inside the Windows 8.1 and Windows 10 …
Breaking kernel address space layout randomization with Intel TSX
Kernel hardening has been an important topic since many applications and security
mechanisms often consider the kernel as part of their Trusted Computing Base (TCB) …
Opaque Control-Flow Integrity.
A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is
presented, which is the first to efficiently resist code-reuse attacks launched by informed …
Shuffler: fast and deployable continuous code re-randomization
D Williams-King, G Gobieski, K Williams-King… - … USENIX Symposium on …, 2016 - usenix.org
While code injection attacks have been virtually eliminated on modern systems, programs
today remain vulnerable to code reuse attacks. Particularly pernicious are Just-In-Time ROP …
Enforcing unique code target property for control-flow integrity
The goal of control-flow integrity (CFI) is to stop control-hijacking attacks by ensuring that
each indirect control-flow transfer (ICT) jumps to its legitimate target. However, existing …
Losing control: On the effectiveness of control-flow integrity under stack attacks
Adversaries exploit memory corruption vulnerabilities to hijack a program's control flow and
gain arbitrary code execution. One promising mitigation, control-flow integrity (CFI), has …