Memory corruption bugs in software written in low-level languages like C or C++ are one of
the oldest problems in computer security. The lack of safety in these languages allows …

Memory error exploitations have been around for over 25 years and still rank among the top
3 most dangerous software errors. Why haven't we been able to stop them? Given the host …

Memory corruption attacks against unsafe programming languages like C/C++ have been a
major threat to computer systems for multiple decades. Various sanitizers and runtime …

When dealing with dynamic, untrusted content, such as on the Web, software behavior must
be sandboxed, typically through use of a language like JavaScript. However, even for such …

A common type of memory error in the Linux kernel is using uninitialized variables
(uninitialized use). Uninitialized uses not only cause undefined behaviors but also impose a …

Many mechanisms have been proposed and deployed to prevent exploits against software
vulnerabilities. Among them, W⊕ X is one of the most effective and efficient. W⊕ X prevents …

JIT spraying is a new code-reuse technique to attack virtual machines based on JIT (Just-in-
time) compilation. It has proven to be capable of circumventing the defenses such as data …

Web browsers are integral parts of everyone's daily life. They are commonly used for
security-critical and privacy sensitive tasks, like banking transactions and checking medical …

A new code‐reuse attack, named Just‐in‐time (JIT) spraying attack, leverages the
predictable generated JIT compiled code to launch an attack. It can circumvent the defenses …

In the face of widespread DEP and ASLR deployment, JIT spraying brings together the best
of code injection and code reuse attacks to defeat both defenses. However, to date, JIT …