Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers exploit these vulnerabilities to manipulate code and data of vulnerable applications to generate malicious behavior by means of code-injection and code-reuse attacks. Researchers already demonstrated the power of data-only attacks by disclosing secret data such as cryptographic keys in the past. A large body of literature has investigated defenses against code-injection, code-reuse, and data-only attacks. Unfortunately, most of these defenses are tailored towards statically generated code and their adaption to dynamic code comes with the price of security or performance penalties. However, many common applications, like browsers and document viewe...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...
Abstract—Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Web browsers are one of the most important enduser applications to browse, retrieve, and present Int...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Abstract—Code-reuse attacks such as return-oriented pro-gramming (ROP) pose a severe threat to moder...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
Managed languages such as JavaScript are popular. For perfor-mance, modern implementations of manage...
Dynamically-typed languages have improved programming experience in software development, leading to...
Part 5: Software SecurityInternational audienceJIT spraying is a new code-reuse technique to attack ...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...
Abstract—Return-oriented programming (ROP) has become the dominant form of vulnerability exploitatio...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Web browsers are one of the most important enduser applications to browse, retrieve, and present Int...
Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP) is still...
Abstract Despite numerous attempts to mitigate code-reuse attacks, Return-Oriented Programming (ROP)...
Abstract—Code-reuse attacks such as return-oriented pro-gramming (ROP) pose a severe threat to moder...
Exploit development is an arm race between attackers and defenders. In this thesis, I will introduce...
Managed languages such as JavaScript are popular. For perfor-mance, modern implementations of manage...
Dynamically-typed languages have improved programming experience in software development, leading to...
Part 5: Software SecurityInternational audienceJIT spraying is a new code-reuse technique to attack ...
Just-in-Time compilers offer substantial runtime performance benefits over traditional execution met...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...