Control-Flow Integrity (CFI) is a defense which prevents control-flow hijacking attacks. While recent research has shown that coarse-grained CFI does not stop attacks, fine-grained CFI is believed to be secure. We argue that assessing the effectiveness of practical CFI implementations is non-trivial and that common evaluation metrics fail to do so. We then evaluate fully-precise static CFI — the most restrictive CFI policy that does not break functionality — and reveal limitations in its security. Using a generalization of non-control-data attacks which we call Control-Flow Bending (CFB), we show how an attacker can leverage a memory corruption vulnerability to achieve Turing-complete computation on memory using just calls to the standar...
Abstract—As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determine...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
Adversaries exploit memory corruption vulnerabilities to hijack a program’s control flow and gain a...
Adversaries exploit memory corruption vulnerabilities to hijack a program's control flow and gain ar...
Adversaries exploit memory corruption vulnerabilities to hijack a program's control flow and gain ar...
Current software attacks often build on exploits that subvert machine-code execution. The enforcemen...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
Current software attacks often build on exploits that subvert machine-code execution. The enforcemen...
Control flow integrity (CFI) has been proposed as an approach to defend against control-hijacking me...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Abstract—As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determine...
Abstract—As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determine...