English
Related papers

Related papers: Control-Flow Integrity: Precision, Security, and P…

200 papers

Modern RISC-V platforms control and monitor security-critical systems such as industrial controllers and autonomous vehicles. While these platforms feature a Root-of-Trust (RoT) to store authentication secrets and enable secure boot…

Cryptography and Security · Computer Science 2024-01-08 Emanuele Parisi , Alberto Musa , Simone Manoni , Maicol Ciani , Davide Rossi , Francesco Barchi , Andrea Bartolini , Andrea Acquaviva

Control flow obfuscation deters software reverse engineering attempts by altering the program's control flow transfer. The alternation should not affect the software's run-time behaviour. In this paper, we propose a control flow obfuscation…

Cryptography and Security · Computer Science 2021-03-01 Kenny Zhuo Ming Lu

Fault injection attacks represent an effective threat to embedded systems. Recently, Laurent et al. have reported that fault injection attacks can leverage faults inside the microarchitecture. However, state-of-the-art counter-measures,…

Cryptography and Security · Computer Science 2023-09-06 Thomas Chamelot , Damien Couroussé , Karine Heydemann

In typical software, many comparisons and subsequent branch operations are highly critical in terms of security. Examples include password checks, signature checks, secure boot, and user privilege checks. For embedded devices, these…

Cryptography and Security · Computer Science 2018-03-23 Robert Schilling , Mario Werner , Stefan Mangard

Obfuscating compilers protect a software by obscuring its meaning and impeding the reconstruction of its original source code. The typical concern when defining such compilers is their robustness against reverse engineering and the…

Programming Languages · Computer Science 2020-03-13 Matteo Busi , Pierpaolo Degano , Letterio Galletta

Memory corruption vulnerabilities are endemic to unsafe languages, such as C, and they can even be found in safe languages that themselves are implemented in unsafe languages or linked with libraries implemented in unsafe languages. Robust…

Cryptography and Security · Computer Science 2018-02-06 Ana Nora Evans

Fault injection attacks (FIA) pose significant security threats to embedded systems as they exploit weaknesses across multiple layers, including system software, instruction set architecture (ISA), microarchitecture, and physical hardware.…

Cryptography and Security · Computer Science 2025-10-24 Arsalan Ali Malik , Harshvadan Mihir , Aydin Aysu

In a functional language, the dominant control-flow mechanism is function call and return. Most higher-order flow analyses, including k-CFA, do not handle call and return well: they remember only a bounded number of pending calls because…

Programming Languages · Computer Science 2015-07-01 Dimitrios Vardoulakis , Olin Shivers

Context: In C, low-level errors, such as buffer overflow and use-after-free, are a major problem, as they cause security vulnerabilities and hard-to-find bugs. C lacks automatic checks, and programmers cannot apply defensive programming…

Programming Languages · Computer Science 2017-12-05 Manuel Rigger , Rene Mayrhofer , Roland Schatz , Matthias Grimmer , Hanspeter Mössenböck

Rising device use and third-party IP integration in semiconductors raise security concerns. Unauthorized access, fault injection, and privacy invasion are potential threats from untrusted actors. Different security techniques have been…

Cryptography and Security · Computer Science 2023-11-20 Geraldine Shirley Nicholas , Dhruvakumar Vikas Aklekar , Bhavin Thakar , Fareena Saqib

The wide adoption of IoT gadgets and Cyber-Physical Systems (CPS) makes embedded devices increasingly important. While some of these devices perform mission-critical tasks, they are usually implemented using Micro-Controller Units (MCUs)…

Cryptography and Security · Computer Science 2023-03-08 Antonio Joia Neto , Ivan de Oliveira Nunes

Embedded software is developed under the assumption that hardware execution is always correct. Fault attacks break and exploit that assumption. Through the careful introduction of targeted faults, an adversary modifies the control-flow or…

Cryptography and Security · Computer Science 2020-03-25 Bilgiday Yuce , Patrick Schaumont , Marc Witteman

Control Flow Attestation (CFA) allows remote verification of run-time software integrity in embedded systems. However, CFA is limited by the storage/transmission costs of generated control flow logs (CFlog). Recent work has proposed…

Cryptography and Security · Computer Science 2025-07-17 Liam Tyler , Adam Caulfield , Ivan De Oliveira Nunes

Recently, code reuse attacks (CRAs), such as return-oriented programming (ROP) and jump-oriented programming (JOP), have emerged as a new class of ingenious security threatens. Attackers can utilize CRAs to hijack the control flow of…

Cryptography and Security · Computer Science 2018-09-20 Jiliang Zhang , Binhang Qi , Gang Qu

We present the design, implementation, and evaluation of FineIBT: a CFI enforcement mechanism that improves the precision of hardware-assisted CFI solutions, like Intel IBT, by instrumenting program code to reduce the valid/allowed targets…

Cryptography and Security · Computer Science 2023-09-15 Alexander J. Gaidis , Joao Moreira , Ke Sun , Alyssa Milburn , Vaggelis Atlidakis , Vasileios P. Kemerlis

Control flow obfuscation (CFO) alters the control flow path of a program without altering its semantics. Existing literature has proposed several techniques; however, a quick survey reveals a lack of clarity in the types of techniques…

Cryptography and Security · Computer Science 2018-10-01 Renuka Kumar , Anjana Mariam Kurian

Flow-sensitive type systems offer an elegant way to ensure memory-safety in programming languages. Unfortunately, their adoption in new or existing languages is often hindered by a painful effort to implement or integrate them into…

Programming Languages · Computer Science 2021-06-24 Dimitri Racordon , Aurélien Coet , Didier Buchs

Software control flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise…

Cryptography and Security · Computer Science 2019-12-10 Rémi Denis-Courmont , Hans Liljestrand , Carlos Chinea , Jan-Erik Ekberg

Over 70% of security vulnerabilities in critical software systems today result from memory safety violations. To address this challenge, fuzzing and static analysis are widely used automated methods to discover such vulnerabilities. Fuzzing…

Cryptography and Security · Computer Science 2026-03-31 Keno Hassler , Philipp Görz , Stephan Lipp

Memory corruption vulnerabilities in C/C++ applications enable attackers to execute code, change data, and leak information. Current memory sanitizers do no provide comprehensive coverage of a program's data. In particular, existing tools…

Cryptography and Security · Computer Science 2019-11-27 Nathan Burow , Derrick McKee , Scott A. Carr , Mathias Payer