English
Related papers

Related papers: Block Oriented Programming: Automating Data-Only A…

200 papers

Jump-Oriented Programming (JOP) attacks exploit indirect control transfers to bypass backward-edge defenses, yet existing forward-edge CFI mechanisms lack precise source-domain authorization: type-based CFI admits all same-signature…

Cryptography and Security · Computer Science 2026-04-28 You Wu , Peter Beerel

Memory corruption vulnerabilities are still a severe threat for software systems. To thwart the exploitation of such vulnerabilities, many different kinds of defenses have been proposed in the past. Most prominently, Control-Flow Integrity…

Cryptography and Security · Computer Science 2020-07-09 Patrick Wollgast , Robert Gawlik , Behrad Garmany , Benjamin Kollenda , Thorsten Holz

Control flow obfuscation (CFO) alters the control flow path of a program without altering its semantics. Existing literature has proposed several techniques; however, a quick survey reveals a lack of clarity in the types of techniques…

Cryptography and Security · Computer Science 2018-10-01 Renuka Kumar , Anjana Mariam Kurian

The prevalence of memory corruption bugs in the past decades resulted in numerous defenses, such as stack canaries, control flow integrity (CFI), and memory safe languages. These defenses can prevent entire classes of vulnerabilities, and…

Cryptography and Security · Computer Science 2021-04-20 Andrea Mambretti , Alexandra Sandulescu , Alessandro Sorniotti , William Robertson , Engin Kirda , Anil Kurmus

Return-oriented programming (ROP) is a code reuse attack that chains short snippets of existing code to perform arbitrary operations on target machines. Existing detection methods against ROP exhibit unsatisfactory detection accuracy and/or…

Cryptography and Security · Computer Science 2024-02-14 Xusheng Li , Zhisheng Hu , Haizhou Wang , Yiwei Fu , Ping Chen , Minghui Zhu , Peng Liu

Novice programmers frequently adopt a syntax-specific and test-case-driven approach, writing code first and adjusting until programs compile and test cases pass, rather than developing correct solutions through systematic reasoning. AI…

Software Engineering · Computer Science 2025-11-25 Vaani Goenka , Aalok Thakkar

Fault tolerance overhead of high performance computing (HPC) applications is becoming critical to the efficient utilization of HPC systems at large scale. HPC applications typically tolerate fail-stop failures by checkpointing. Another…

Distributed, Parallel, and Cluster Computing · Computer Science 2011-06-22 Erlin Yao , Mingyu Chen , Rui Wang , Wenli Zhang , Guangming Tan

Largely known for attack scenarios, code reuse techniques at a closer look reveal properties that are appealing also for program obfuscation. We explore the popular return-oriented programming paradigm under this light, transforming program…

Cryptography and Security · Computer Science 2021-08-12 Pietro Borrello , Emilio Coppa , Daniele Cono D'Elia

Growing code bases of modern applications have led to a steady increase in the number of vulnerabilities. Control-Flow Integrity (CFI) is one promising mitigation that is more and more widely deployed and prevents numerous exploits. CFI…

Cryptography and Security · Computer Science 2022-03-01 Claudio Canella , Sebastian Dorn , Daniel Gruss , Michael Schwarz

Return-Oriented Programming (ROP) is a typical attack technique that exploits return addresses to abuse existing code repeatedly. Most of the current return address protecting mechanisms (also known as the Backward-Edge Control-Flow…

Cryptography and Security · Computer Science 2020-07-16 Jinfeng Li , Liwei Chen , Qizhen Xu , Linan Tian , Gang Shi , Kai Chen , Dan Meng

Memory corruption vulnerabilities remain one of the most severe threats to software security. They often allow attackers to achieve arbitrary code execution by redirecting a vulnerable program's control flow. While Control Flow Integrity…

Cryptography and Security · Computer Science 2025-08-22 Sabine Houy , Bruno Kreyssig , Timothee Riom , Alexandre Bartel , Patrick McDaniel

Attacks on heap memory, encompassing memory overflow, double and invalid free, use-after-free (UAF), and various heap spraying techniques are ever-increasing. Existing entropy-based secure memory allocators provide statistical defenses…

Cryptography and Security · Computer Science 2024-05-31 Ruizhe Wang , Meng Xu , N. Asokan

Secure elements physically exposed to adversaries are frequently targeted by fault attacks. These attacks can be utilized to hijack the control-flow of software allowing the attacker to bypass security measures, extract sensitive data, or…

Cryptography and Security · Computer Science 2023-03-27 Pascal Nasahl , Stefan Mangard

Modern machine learning (ML) systems demand substantial training data, often resorting to external sources. Nevertheless, this practice renders them vulnerable to backdoor poisoning attacks. Prior backdoor defense strategies have primarily…

Machine Learning · Computer Science 2024-03-19 Soumyadeep Pal , Yuguang Yao , Ren Wang , Bingquan Shen , Sijia Liu

Code-reuse attacks have become a kind of common attack method, in which attackers use the existing code in the program to hijack the control flow. Most existing defenses focus on control flow integrity (CFI), code randomization, and…

Cryptography and Security · Computer Science 2023-03-23 Xiaoqi Song , Wenjie Lv , Haipeng Qu , Lingyun Ying

A computerized workflow management system may enforce a security policy, specified in terms of authorized actions and constraints, thereby restricting which users can perform particular steps in a workflow. The existence of a security…

Cryptography and Security · Computer Science 2016-11-16 Jason Crampton , Gregory Gutin , Daniel Karapetyan , Rémi Watrigant

Embedded, smart, and IoT devices are increasingly popular in numerous everyday settings. Since lower-end devices have the most strict cost constraints, they tend to have few, if any, security features. This makes them attractive targets for…

Cryptography and Security · Computer Science 2023-09-21 Sashidhar Jakkamsetti , Youngil Kim , Andrew Searles , Gene Tsudik

We use browsers daily to access all sorts of information. Because browsers routinely process scripts, media, and executable code from unknown sources, they form a critical security boundary between users and adversaries. A common attack…

Cryptography and Security · Computer Science 2025-09-11 Nils Bars , Lukas Bernhard , Moritz Schloegel , Thorsten Holz

Data-Flow Integrity (DFI) is a well-known approach to effectively detecting a wide range of software attacks. However, its real-world application has been quite limited so far because of the prohibitive performance overhead it incurs.…

Hardware Architecture · Computer Science 2021-11-30 Lang Feng , Jiayi Huang , Jeff Huang , Jiang Hu

Modern software systems heavily use C/C++ based libraries. Because of the weak memory model of C/C++, libraries may suffer from vulnerabilities which can expose the applications to potential attacks. For example, a very large number of…

Cryptography and Security · Computer Science 2019-02-19 Girish Mururu , Chris Porter , Prithayan Barua , Santosh Pande