Computers were not built with security in mind. As such, security has and still often takes a back seat to performance. However, in an era where there is so much sensitive data being stored, with cloud storage and huge customer databases, much has to be done to keep this data safe from intruders. Control flow hijacking attacks, stemming from a basic code injection attack to return-into-libc and other code re-use attacks, are among the most dangerous attacks. Currently available solutions, like Data execution prevention that can prevent a user from executing writable pages to prevent code injection attacks, do not have an efficient solution for protecting against code re-use attacks, which can execute valid code in a malicious order. To pr...
Code-reuse attacks are software exploits in which an attacker directs control flow through existing ...
System programming languages such as C and C++ are ubiquitously used for systems software such as br...
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking atta...
Adversaries exploit memory corruption vulnerabilities to hi-jack a program’s control flow and gain a...
Abstract—As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determine...
Current software attacks often build on exploits that subvert machine-code execution. The enforcemen...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
Presented on September 21, 2018 at 12:00 p.m. in the Engineered Biosystems Building, Room 1005.Natha...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Code reuse techniques can circumvent existing security measures. For example, attacks such as Return...
Since the widespread adoption of the internet, computer security has become one of the primary conce...
Control-flow integrity (CFI) is considered as a general and promising method to prevent code-reuse a...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Defenses such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and sta...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Code-reuse attacks are software exploits in which an attacker directs control flow through existing ...
System programming languages such as C and C++ are ubiquitously used for systems software such as br...
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking atta...
Adversaries exploit memory corruption vulnerabilities to hi-jack a program’s control flow and gain a...
Abstract—As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determine...
Current software attacks often build on exploits that subvert machine-code execution. The enforcemen...
Despite the intense efforts to prevent programmers from writing code with memory errors, memory corr...
Presented on September 21, 2018 at 12:00 p.m. in the Engineered Biosystems Building, Room 1005.Natha...
As existing defenses like ASLR, DEP, and stack cookies are not sufficient to stop determined attacke...
Code reuse techniques can circumvent existing security measures. For example, attacks such as Return...
Since the widespread adoption of the internet, computer security has become one of the primary conce...
Control-flow integrity (CFI) is considered as a general and promising method to prevent code-reuse a...
Thesis: M. Eng., Massachusetts Institute of Technology, Department of Electrical Engineering and Com...
Defenses such as Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and sta...
Control-flow hijacking attacks allow adversaries to take over seemingly benign software, e.g., a web...
Code-reuse attacks are software exploits in which an attacker directs control flow through existing ...
System programming languages such as C and C++ are ubiquitously used for systems software such as br...
Control Flow Integrity (CFI) provides a strong protection against modern control-flow hijacking atta...