Control Flow Integrity (CFI) is one of the most promising technique to defend Code-Reuse Attacks (CRAs). Traditional CFI Systems and recent Context-Sensitive CFI use coarse control flow graphs (CFGs) to analyze whether the control flow hijack occurs, left vast space for attackers at indirect call-sites. Coarse CFGs make it difficult to decide which target to execute at indirect control-flow transfers, and weaken the existing CFI systems actually. It is an unsolved problem to extract CFGs precisely and perfectly from binaries now. In this paper, we present an algorithm to get a more precise CFG from binaries. Parameters are analyzed at indirect call-sites and functions firstly. By comparing counts of parameters prepared before call-sites and...
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking atta...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Control Flow Integrity (CFI) is one of the most promising technique to defend Code-Reuse Attacks (CR...
Control flow integrity (CFI) has been proposed as an approach to defend against control-hijacking me...
Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its en...
Abstract. Applications written in low-level languages without type or memory safety are prone to mem...
A popular software attack on a program is by transferring the program control to malicious code inse...
© Springer International Publishing AG, part of Springer Nature 2018. Through memory vulnerabilities...
Control-Flow Integrity (CFI) is an effective approach to mitigat-ing control-flow hijacking attacks....
Current Control-Flow Integrity (CFI) implementations track control edges individually, insensitive t...
System programming languages such as C and C++ are ubiquitously used for systems software such as br...
Static binary analysis is a key tool to assess the security of thirdparty binaries and legacy progra...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
Abstract—As existing defenses like ALSR, DEP, and stack cookies are not sufficient to stop determine...
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking atta...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Control Flow Integrity (CFI) is one of the most promising technique to defend Code-Reuse Attacks (CR...
Control flow integrity (CFI) has been proposed as an approach to defend against control-hijacking me...
Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its en...
Abstract. Applications written in low-level languages without type or memory safety are prone to mem...
A popular software attack on a program is by transferring the program control to malicious code inse...
© Springer International Publishing AG, part of Springer Nature 2018. Through memory vulnerabilities...
Control-Flow Integrity (CFI) is an effective approach to mitigat-ing control-flow hijacking attacks....
Current Control-Flow Integrity (CFI) implementations track control edges individually, insensitive t...
System programming languages such as C and C++ are ubiquitously used for systems software such as br...
Static binary analysis is a key tool to assess the security of thirdparty binaries and legacy progra...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
Abstract—As existing defenses like ALSR, DEP, and stack cookies are not sufficient to stop determine...
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking atta...
Abstract—A new binary software randomization and Control-Flow Integrity (CFI) enforcement system is ...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...