Return-oriented programming (ROP) offers a robust attack technique that has, not surprisingly, been extensively used to exploit bugs in modern software programs (e.g., web browsers and PDF readers). ROP attacks require no code injection, and have already been shown to be powerful enough to bypass fine-grained memory randomization (ASLR) defenses. To counter this ingenious attack strategy, several proposals for enforcement of (coarse-grained) control-flow integrity (CFI) have emerged. The key argument put forth by these works is that coarse-grained CFI policies are sufficient to prevent ROP attacks. As this reasoning has gained traction, ideas put forth in these proposals have even been incorporated into coarse-grained CFI defenses in widely...
Abstract—Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijac...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
Return-oriented programming (ROP) offers a robust attack technique that has, not surprisingly, been ...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Abstract—As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determine...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Return-Oriented Programming (ROP) is a sophisticated exploitation technique that is able to drive ta...
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking atta...
With the increased popularity of embedded devices, low-level programming languages like C and C++ ar...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Return-Oriented Programming (ROP) is a technique that enables an adversary to construct malicious pr...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software de...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Abstract—Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijac...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
Return-oriented programming (ROP) offers a robust attack technique that has, not surprisingly, been ...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Abstract—As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determine...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
Return-Oriented Programming (ROP) is a sophisticated exploitation technique that is able to drive ta...
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking atta...
With the increased popularity of embedded devices, low-level programming languages like C and C++ ar...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Return-Oriented Programming (ROP) is a technique that enables an adversary to construct malicious pr...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Prior work has shown that return oriented programming (ROP) can be used to bypass W⊕X, a software de...
Return-oriented programming (ROP) has become the primary exploitation technique for system compromis...
Abstract—Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijac...
Detecting and preventing exploitation of memory corruption vulnerabilities is highly challenging. Un...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...