Security metrics have received significant attention. However, they have not been
systematically explored based on the understanding of attack-defense interactions, which …

As the Internet of Things (IoT) technology advances, billions of multidisciplinary smart
devices act in concert, rarely requiring human intervention, posing significant challenges in …

Abstract The Internet of Things (IoT) is heavily affecting our daily lives in many domains,
ranging from tiny wearable devices to large industrial systems. Consequently, a wide variety …

Intel SGX isolates the memory of security-critical applications from the untrusted OS.
However, it has been speculated that SGX may be vulnerable to side-channel attacks …

In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …

As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …

Despite decades of sustained effort, memory corruption attacks continue to be one of the
most serious security threats faced today. They are highly sought after by attackers, as they …

Code reuse attacks such as return-oriented programming (ROP) have become prevalent
techniques to exploit memory corruption vulnerabilities in software programs. A variety of …

Industrial control systems (ICSs) are transitioning from legacy-electromechanical-based
systems to modern information and communication technology (ICT)-based systems …

As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined
attackers from exploiting our software, interest in Control Flow Integrity (CFI) is growing. In its …