Software security defenses are routinely broken by the persistence of both security
researchers and attackers. Hardware solutions based on tagging are emerging as a …

Memory corruption attacks against unsafe programming languages like C/C++ have been a
major threat to computer systems for multiple decades. Various sanitizers and runtime …

To defeat ASLR or more advanced fine-grained and leakage-resistant code randomization
schemes, modern software exploits rely on information disclosure to locate gadgets inside …

Embedded systems are deployed in security critical environments and have become a
prominent target for remote attacks. Microcontroller-based systems (MCUS) are particularly …

Despite decades of research on software diversification, only address space layout
randomization has seen widespread adoption. Code randomization, an effective defense …

In 2007, Shacham published a seminal paper on Return-Oriented Programming (ROP), the
first systematic formulation of code reuse. The paper has been highly influential, profoundly …

Although using machine learning techniques to solve computer security challenges is not a
new idea, the rapidly emerging Deep Learning technology has recently triggered a …

Code Reuse Attacks (CRA) represent a type of control flow hijacking that attackers exploit to
manipulate the standard program execution path, resulting in abnormal processor …

This survey provides an overview of different cyber moving-target techniques, their threat
models, and their technical details. A cyber moving-target technique refers to any technique …

We present the design, implementation, and evaluation of FineIBT: a CFI enforcement
mechanism that improves the precision of hardware-assisted CFI solutions, like Intel IBT, by …