During a cyber-attack, an adversary executes offensive maneuvers to target computer systems. Particularly, an attacker often exploits a vulnerability within a program, hijacks control-flow, and executes malicious code. Data Execution Prevention (DEP), a hardware-enforced security feature, prevents an attacker from directly executing the injected malicious code. Therefore, attackers have resorted to code-reuse attacks, wherein carefully chosen fragments of code within existing code sections of a program are sequentially executed to accomplish malicious logic. Code-reuse attacks are ubiquitous and account for majority of the attacks in the wild. On one hand, due to the wide use of closed-source software, binary-level solutions are essential. ...
Traditionally, execution of a program follows a straight and inflexible path starting from source co...
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software o...
Today's most widely exploited applications are the web browsers and document readers we use every da...
During a cyber-attack, an adversary executes offensive maneuvers to target computer systems. Particu...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
This book provides an in-depth look at return-oriented programming attacks. It explores several conv...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Ensuring the security and integrity of computer systems deployed on the Internet is growing harder. ...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
Abstract—As existing defenses like ALSR, DEP, and stack cookies are not sufficient to stop determine...
Since the introduction of return-oriented programming, increasingly complex defenses and subtle atta...
Traditionally, execution of a program follows a straight and inflexible path starting from source co...
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software o...
Today's most widely exploited applications are the web browsers and document readers we use every da...
During a cyber-attack, an adversary executes offensive maneuvers to target computer systems. Particu...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
This book provides an in-depth look at return-oriented programming attacks. It explores several conv...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Ensuring the security and integrity of computer systems deployed on the Internet is growing harder. ...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
Abstract—As existing defenses like ALSR, DEP, and stack cookies are not sufficient to stop determine...
Since the introduction of return-oriented programming, increasingly complex defenses and subtle atta...
Traditionally, execution of a program follows a straight and inflexible path starting from source co...
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software o...
Today's most widely exploited applications are the web browsers and document readers we use every da...