English
Related papers

Related papers: JIT Spraying and Mitigations

200 papers

With the discovery of new exploit techniques, new protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment for…

Cryptography and Security · Computer Science 2010-08-25 Piotr Bania

This paper provides the first systematic analysis of a synergistic threat model encompassing memory corruption vulnerabilities and microarchitectural side-channel vulnerabilities. We study speculative shield bypass attacks that leverage…

Cryptography and Security · Computer Science 2023-09-11 Weon Taek Na , Joel S. Emer , Mengjia Yan

Memory disclosure attacks play an important role in the exploitation of memory corruption vulnerabilities. By analyzing recent research, we observe that bypasses of defensive solutions that enforce control-flow integrity or attempt to…

Cryptography and Security · Computer Science 2020-07-08 Robert Gawlik , Philipp Koppe , Benjamin Kollenda , Andre Pawlowski , Behrad Garmany , Thorsten Holz

Recently, a novel method known as Page Spray emerges, focusing on page-level exploitation for kernel vulnerabilities. Despite the advantages it offers in terms of exploitability, stability, and compatibility, comprehensive research on Page…

Cryptography and Security · Computer Science 2024-11-12 Ziyi Guo , Dang K Le , Zhenpeng Lin , Kyle Zeng , Ruoyu Wang , Tiffany Bao , Yan Shoshitaishvili , Adam Doupé , Xinyu Xing

Defense techniques such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) were the early role models preventing primitive code injection and return-oriented programming (ROP) attacks. Notably, these techniques…

Cryptography and Security · Computer Science 2019-09-23 Christopher Jelesnianski , Jinwoo Yom , Changwoo Min , Yeongjin Jang

The distributed nature of local differential privacy (LDP) invites data poisoning attacks and poses unforeseen threats to the underlying LDP-supported applications. In this paper, we propose a comprehensive mitigation framework for popular…

Cryptography and Security · Computer Science 2025-06-18 Xiaolin Li , Ninghui Li , Boyang Wang , Wenhai Sun

Memory-safety attacks have been one of the most critical threats against computing systems. Although a wide-range of defense techniques have been developed against these attacks, the existing mitigation strategies have several limitations.…

Cryptography and Security · Computer Science 2019-09-20 Eyasu Getahun Chekole , Unnikrishnan Cheramangalath , Sudipta Chattopadhyay , Martin Ochoa , Guo Huaqun

With the rise of attacks using PowerShell in the recent months, there has not been a comprehensive solution for monitoring or prevention. Microsoft recently released the AMSI solution for PowerShell v5, however this can also be bypassed.…

Cryptography and Security · Computer Science 2017-09-25 Amanda Rousseau

Memory corruption vulnerabilities have been around for decades and rank among the most prevalent vulnerabilities in embedded systems. Yet this constrained environment poses unique design and implementation challenges that significantly…

Cryptography and Security · Computer Science 2020-07-07 Ali Abbasi , Jos Wetzels , Thorsten Holz , Sandro Etalle

Address Space Layout Randomization (ASLR) is a crucial defense mechanism employed by modern operating systems to mitigate exploitation by randomizing processes' memory layouts. However, the stark reality is that real-world implementations…

Cryptography and Security · Computer Science 2024-08-30 Lorenzo Binosi , Gregorio Barzasi , Michele Carminati , Stefano Zanero , Mario Polino

Just-in-time return-oriented programming (JIT-ROP) is a powerful memory corruption attack that bypasses various forms of code randomization. Execute-only memory (XOM) can potentially prevent these attacks, but requires source code. In…

Cryptography and Security · Computer Science 2020-07-08 Jannik Pewny , Philipp Koppe , Lucas Davi , Thorsten Holz

Modern language models have enabled the development of agentic systems that achieve strong performance on reasoning-intensive tasks. Unfortunately, this has come with a security cost; these systems are vulnerable to prompt injection, a…

Cryptography and Security · Computer Science 2026-05-12 Dennis Jacob , Emad Alghamdi , Zhanhao Hu , Basel Alomair , David Wagner

Instruction set randomization (ISR) was initially proposed with the main goal of countering code-injection attacks. However, ISR seems to have lost its appeal since code-injection attacks became less attractive because protection mechanisms…

Cryptography and Security · Computer Science 2017-03-09 Dean Sullivan , Orlando Arias , David Gens , Lucas Davi , Ahmad-Reza Sadeghi , Yier Jin

The rapid advancement and widespread adoption of generative artificial intelligence (GenAI) and large language models (LLMs) has been accompanied by the emergence of new security vulnerabilities and challenges, such as jailbreaking and…

The exploit or the Proof of Concept of the vulnerability plays an important role in developing superior vulnerability repair techniques, as it can be used as an oracle to verify the correctness of the patches generated by the tools.…

Large language model agents equipped with persistent memory are vulnerable to memory poisoning attacks, where adversaries inject malicious instructions through query only interactions that corrupt the agents long term memory and influence…

Cryptography and Security · Computer Science 2026-01-13 Balachandra Devarangadi Sunil , Isheeta Sinha , Piyush Maheshwari , Shantanu Todmal , Shreyan Mallik , Shuchi Mishra

Many-shot jailbreaking (MSJ) is an adversarial technique that exploits the long context windows of modern LLMs to circumvent model safety training by including in the prompt many examples of a "fake" assistant responding inappropriately…

Machine Learning · Computer Science 2026-03-26 Christopher M. Ackerman , Nina Panickssery

New computing paradigms, modern feature-rich programming languages and off-the-shelf software libraries enabled the development of new sophisticated malware families. Evidence of this phenomena is the recent growth of fileless malware…

Cryptography and Security · Computer Science 2019-11-27 Sherif Saad , Farhan Mahmood , William Briguglio , Haytham Elmiligi

Language models (LMs) may memorize personally identifiable information (PII) from training data, enabling adversaries to extract it during inference. Existing defense mechanisms such as differential privacy (DP) reduce this leakage, but…

Cryptography and Security · Computer Science 2026-02-27 Anthony Hughes , Vasisht Duddu , N. Asokan , Nikolaos Aletras , Ning Ma

Just-in-time return-oriented programming (JIT-ROP) allows one to dynamically discover instruction pages and launch code reuse attacks, effectively bypassing most fine-grained address space layout randomization (ASLR) protection. However,…

Cryptography and Security · Computer Science 2020-06-16 Salman Ahmed , Ya Xiao , Gang Tan , Kevin Snow , Fabian Monrose , Danfeng , Yao
‹ Prev 1 2 3 10 Next ›