Code-reuse attacks are notoriously hard to defeat, and many current solutions to the problem focus on automated software diversity. This is a promising area of research, as diversity attacks one cause of code reuse attacks—the software monoculture. Software diversity raises the costs of an attack by providing users with different variations of the same program. However, modern software diversity implementations are still vulnerable to certain threats: code disclosure attacks and attacks targeted at JIT (just-in-time) compilers for dynamically compiled languages.In this dissertation, we address the pressing problem of building secure systems out of programs written in unsafe languages. Specifically, we use software diversity to present attac...
Software is pervasive in our daily lives and we rely on it for many critical tasks. Despite the abun...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Abstract—The software monoculture favors attackers over defenders, since it makes all target environ...
Code diversification has been proposed as a technique to mitigate code reuse attacks, which have rec...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Context Software diversity, self-modification, and obfuscation have many applications in software se...
Abstract—The idea of automatic software diversity is at least two decades old. The deficiencies of c...
Abstract—The idea of automatic software diversity is at least two decades old. The deficiencies of c...
We present a method to regenerate diversified code dynamically in a Java bytecode JIT compiler, and ...
Abstract—We explore software diversity as a defense against side-channel attacks by dynamically and ...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
There is implicit trust involved when using computer software. Open-source software attempts to insp...
Software is pervasive in our daily lives and we rely on it for many critical tasks. Despite the abun...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Memory-corruption vulnerabilities pose a serious threat to modern computer security. Attackers explo...
Abstract—The software monoculture favors attackers over defenders, since it makes all target environ...
Code diversification has been proposed as a technique to mitigate code reuse attacks, which have rec...
Code-reuse attacks such as return-oriented programming (ROP) pose a severe threat to modern software...
Context Software diversity, self-modification, and obfuscation have many applications in software se...
Abstract—The idea of automatic software diversity is at least two decades old. The deficiencies of c...
Abstract—The idea of automatic software diversity is at least two decades old. The deficiencies of c...
We present a method to regenerate diversified code dynamically in a Java bytecode JIT compiler, and ...
Abstract—We explore software diversity as a defense against side-channel attacks by dynamically and ...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
There is implicit trust involved when using computer software. Open-source software attempts to insp...
Software is pervasive in our daily lives and we rely on it for many critical tasks. Despite the abun...
Exploitation of memory corruption vulnerabilities in widely used software has been a threat for almo...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...