Data-oriented attacks, where the adversary corrupts critical program data in memory, remain one of the most challenging security threats to address. Because the attacker does not touch any code or code pointers, dataoriented attacks are able to circumvent common defence strategies such as data execution prevention or control-flow protection. Data-flow integrity (DFI) techniques can address these attacks by detecting corruption of any program data. However, due to high performance penalties, these techniques are not widely adopted in practice. This paper presents TRUVIN, a lightweight scheme that mitigates data-oriented attacks by focusing on only those variables which are crucial to the integrity assurance. Instead of instrumenting every me...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Computer security is a very critical problem these days, as it has widespread consequences in case o...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
The emergence of Real-Time Systems with increased connections to their environment has led to a grea...
The goal of the research presented in this dissertation is to prevent, detect, and mitigate maliciou...
The most common cyber-attack vector is exploit of software vulnerability. Despite much efforts towar...
Software attacks often subvert the intended data-flow in a vulnerable program. For example, attacker...
Memory errors exist in software written in memory-unsafe languages like C. They introduce severe vu...
| openaire: EC/H2020/643964/EU//SUPERCLOUDMemory-unsafe programming languages like C and C++ leave m...
The complexity of computer programs has been increasing for multiple decades. As a result, the numbe...
307 p.Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2009.The key insight in this disse...
The chapter introduces and describes representative defense mechanisms to protect from both basic an...
Subverting runtime data flow is common in many current software attacks. Data Flow Integrity (DFI) i...
Trusted Computing capability has become ubiquitous these days, and it is being widely deployed into ...
Abstract. Code injection attacks that target the control-data of an ap-plication have been prevalent...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Computer security is a very critical problem these days, as it has widespread consequences in case o...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
The emergence of Real-Time Systems with increased connections to their environment has led to a grea...
The goal of the research presented in this dissertation is to prevent, detect, and mitigate maliciou...
The most common cyber-attack vector is exploit of software vulnerability. Despite much efforts towar...
Software attacks often subvert the intended data-flow in a vulnerable program. For example, attacker...
Memory errors exist in software written in memory-unsafe languages like C. They introduce severe vu...
| openaire: EC/H2020/643964/EU//SUPERCLOUDMemory-unsafe programming languages like C and C++ leave m...
The complexity of computer programs has been increasing for multiple decades. As a result, the numbe...
307 p.Thesis (Ph.D.)--University of Illinois at Urbana-Champaign, 2009.The key insight in this disse...
The chapter introduces and describes representative defense mechanisms to protect from both basic an...
Subverting runtime data flow is common in many current software attacks. Data Flow Integrity (DFI) i...
Trusted Computing capability has become ubiquitous these days, and it is being widely deployed into ...
Abstract. Code injection attacks that target the control-data of an ap-plication have been prevalent...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Computer security is a very critical problem these days, as it has widespread consequences in case o...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...