Despite the large number of proposed countermeasures against control-flow hijacking attacks, these attacks still pose a great threat for today’s applications. The problem with existing solutions is that they either provide incomplete probabilistic protection (e.g., stack canaries) or impose a high runtime overhead (e.g., bounds checking). In this paper, we show how the concept of program-part duplication can be used to protect against control-flow hijacking attacks and present two different instantiations of the duplication concept which protect against popular attack vectors. First, we use the duplication of functions to eliminate the need of return addresses and thus provide complete protection against attacks targeting a function’s retu...
Code-reuse attacks are software exploits in which an attacker directs control flow through existing ...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Abstract. Despite the large number of proposed countermeasures against control-flow hijacking attack...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Presented on September 21, 2018 at 12:00 p.m. in the Engineered Biosystems Building, Room 1005.Natha...
Part 6: Source Code SecurityInternational audienceDespite being a more than 40-year-old dark art, co...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
Adversaries exploit memory corruption vulnerabilities to hijack a program's control flow and gain ar...
Fault injection attacks alter the intended behavior of micro-controllers, compromising their securit...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
AbstractWith software systems continuously growing in size and complexity, the number and variety of...
Abstract—As existing defenses like ALSR, DEP, and stack cookies are not sufficient to stop determine...
In this paper, we present Disjoint Code Layouts (DCL), a technique that complements Multi-Variant Ex...
Code-reuse attacks are software exploits in which an attacker directs control flow through existing ...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Abstract. Despite the large number of proposed countermeasures against control-flow hijacking attack...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Presented on September 21, 2018 at 12:00 p.m. in the Engineered Biosystems Building, Room 1005.Natha...
Part 6: Source Code SecurityInternational audienceDespite being a more than 40-year-old dark art, co...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
Adversaries exploit memory corruption vulnerabilities to hijack a program's control flow and gain ar...
Fault injection attacks alter the intended behavior of micro-controllers, compromising their securit...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Code-reuse attacks continue to evolve and remain a severe threat to modern software. Recent research...
AbstractWith software systems continuously growing in size and complexity, the number and variety of...
Abstract—As existing defenses like ALSR, DEP, and stack cookies are not sufficient to stop determine...
In this paper, we present Disjoint Code Layouts (DCL), a technique that complements Multi-Variant Ex...
Code-reuse attacks are software exploits in which an attacker directs control flow through existing ...
Systems software written in C/C++ is plagued by bugs, which attackers exploit to gain control of sys...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...