Abstract—Return-oriented programming (ROP) has become the dominant form of vulnerability exploitation in both user and kernel space. Many defenses against ROP exploits exist, which can significantly raise the bar against attackers. Although protecting existing code, such as applications and the kernel, might be possible, taking countermeasures against dynamic code, i.e., code that is generated only at run-time, is much harder. Attackers have already started exploiting Just-in-Time (JIT) engines, available in all modern browsers, to introduce their (shell)code (either native code or re-usable gadgets) during JIT compilation, and then taking advantage of it. Recognizing this immediate threat, browser vendors started employing defenses for har...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Modern browsers such as Chrome and Edge deploy constant blinding to remove attacker-controlled ...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Web browsers are one of the most important end-user applications to browse, retrieve, and present Int...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Exploit development is an arms race between attackers and defenders. In this thesis, I will introduce...
JavaScript (JS) engines are virtual machines that execute JavaScript code. The...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Just-in-time (JIT)-spraying, which first appeared in Blackhat DC 2010, is a new kind of attack techn...
Part 5: Software Security. JIT spraying is a new code-reuse technique to attack ...
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software de...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...