Data-oriented attacks are gaining traction thanks to advances in code-centric mitigation techniques for memory corruption vulnerabilities. Previous work on mitigating data-oriented attacks includes Data Space Randomization (DSR). DSR classifies program variables into a set of equivalence classes, and encrypts variables with a key randomly chosen for each equivalence class. This thwarts memory corruption attacks that introduce illegitimate data flows. However, existing implementations of DSR trade precision for better run-time performance, which leaves attackers sufficient leeway to mount attacks. In this paper, we show that high precision and good run-time performance are not mutually exclusive. We present HARD, a precise and efficient hard...
Instruction Set Randomization (ISR) is able to protect against remote code injection attacks by rand...
The problem of defending software against tampering by a malicious host is not expected to be solved...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...
Data-oriented exploits are growing in popularity as defenders are closing attack vectorsrelated to c...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Static program analysis computes information about a program without executing the program. This can...
One of the most common forms of security attacks involves exploiting a vulnerability to inject malic...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over...
Randomization is used in computer security as a tool to introduce unpredictability into the software...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Abstract. The problem of defending software against tampering by a malicious host is not expected to...
One of the most common forms of security attacks involves exploiting a vulnerability to inject malic...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Instruction Set Randomization (ISR) is able to protect against remote code injection attacks by rand...
The problem of defending software against tampering by a malicious host is not expected to be solved...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...
Data-oriented exploits are growing in popularity as defenders are closing attack vectorsrelated to c...
Software immunity through diversity is a promising research direction. Address Space Layout Randomi...
Software that is in use and under development today still contains as many bugs as ever. These bugs ...
Static program analysis computes information about a program without executing the program. This can...
One of the most common forms of security attacks involves exploiting a vulnerability to inject malic...
Adversaries exploit software vulnerabilities in modern software to compromise computer systems. Whil...
Exploitation of memory-corruption vulnerabilities in widely-used software has been a threat for over...
Randomization is used in computer security as a tool to introduce unpredictability into the software...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Abstract. The problem of defending software against tampering by a malicious host is not expected to...
One of the most common forms of security attacks involves exploiting a vulnerability to inject malic...
Code reuse attacks such as return-oriented programming are one of the most powerful threats to conte...
Instruction Set Randomization (ISR) is able to protect against remote code injection attacks by rand...
The problem of defending software against tampering by a malicious host is not expected to be solved...
Instruction set randomization (ISR) was initially proposed with the main goal of countering code-inj...