In recent years, cyber-physical systems (CPS) have been to many vital areas, including
medical devices, smart cars, industrial systems, energy grid, etc. As these systems …

Security metrics have received significant attention. However, they have not been
systematically explored based on the understanding of attack-defense interactions, which …

Abstract The Internet of Things (IoT) is heavily affecting our daily lives in many domains,
ranging from tiny wearable devices to large industrial systems. Consequently, a wide variety …

Intel SGX isolates the memory of security-critical applications from the untrusted OS.
However, it has been speculated that SGX may be vulnerable to side-channel attacks …

As control-flow hijacking defenses gain adoption, it is important to understand the remaining
capabilities of adversaries via memory exploits. Non-control data exploits are used to mount …

Industrial control systems (ICSs) are transitioning from legacy-electromechanical-based
systems to modern information and communication technology (ICT)-based systems …

In this chapter, we describe code-pointer integrity (CPI), a new design point that guarantees
the integrity of all code pointers in a program (eg, function pointers, saved return addresses) …

Address Space Layout Randomization (ASLR) is a widely-used technique that protects
systems against a range of attacks. ASLR works by randomizing the offset of key program …

Remote attestation is a crucial security service particularly relevant to increasingly popular
IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a …

Address space layout randomization (ASLR) is an important first line of defense against
memory corruption attacks and a building block for many modern countermeasures. Existing …