Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on diverse processor architectures. Designing practical and secure defenses against code-reuse attacks is highly challenging and currently subject to intense research. However, no secure and practical system-level solutions exist so far, since a large number of proposed defenses have been successfully bypassed. To tackle this attack, we present HAFIX (Hardware-Assisted Flow Integrity eXtension), a defense against code-reuse attacks exploiting backward edges (returns). HAFIX provides fine-grained and practical protection, and serves as an enabling technology for future control-flow integrity instantiations. This paper presents the implementati...
Control-flow integrity (CFI) is a general defense against code-reuse exploits that currently constit...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on...
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on...
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software o...
Control-flow integrity (CFI) is considered as a general and promising method to prevent code-reuse a...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Abstract—As existing defenses like ALSR, DEP, and stack cookies are not sufficient to stop determine...
Code-reuse attacks are software exploits in which an attacker directs control flow through existing ...
Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a se...
Code reuse techniques can circumvent existing security measures. For example, attacks such as Return...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Control-Flow Integrity (CFI) is a popular technique to de- fend against State-of-the-Art exploits, b...
Control-flow integrity (CFI) is a general defense against code-reuse exploits that currently constit...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on...
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software on...
Code-reuse attacks like return-oriented programming (ROP) pose a severe threat to modern software o...
Control-flow integrity (CFI) is considered as a general and promising method to prevent code-reuse a...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Abstract—As existing defenses like ALSR, DEP, and stack cookies are not sufficient to stop determine...
Code-reuse attacks are software exploits in which an attacker directs control flow through existing ...
Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a se...
Code reuse techniques can circumvent existing security measures. For example, attacks such as Return...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Control-Flow Integrity (CFI) is a popular technique to de- fend against State-of-the-Art exploits, b...
Control-flow integrity (CFI) is a general defense against code-reuse exploits that currently constit...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...