Software immunity through diversity is a promising research direction. Address Space Layout Randomization has been widely deployed to defend against code-reuse attacks and significantly raises the bar for attackers. However, automated software diversity is still exploitable by adroit and adaptable adversaries. Using powerful memory disclosure attacks, offensive researchers have demonstrated weaknesses in conventional randomization techniques. In addition, current defenses are largely passive and allow attackers to continuously brute-force randomized defenses with little impediment. Building on the foundation of automated software diversity, we propose novel techniques to strengthen the security and broaden the impact of code rando...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Address-space layout randomization is a wellestablished defense against code-reuse attacks. However,...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...
The complexity of computer programs has been increasing for multiple decades. As a result, the numbe...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Abstract—We explore software diversity as a defense against side-channel attacks by dynamically and ...
Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over...
Code diversification has been proposed as a technique to mitigate code reuse attacks, which have rec...
Diversity is an important source of robustness in biological systems. Computers, by contrast, are no...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Context Software diversity, self-modification, and obfuscation have many applications in software se...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Address-space layout randomization is a wellestablished defense against code-reuse attacks. However,...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus o...
The complexity of computer programs has been increasing for multiple decades. As a result, the numbe...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Abstract—We explore software diversity as a defense against side-channel attacks by dynamically and ...
Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over...
Code diversification has been proposed as a technique to mitigate code reuse attacks, which have rec...
Diversity is an important source of robustness in biological systems. Computers, by contrast, are no...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Context Software diversity, self-modification, and obfuscation have many applications in software se...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Address-space layout randomization is a wellestablished defense against code-reuse attacks. However,...
Until recently, it was widely believed that code randomization (such as fine-grained ASLR) can effec...