English
Related papers

Related papers: Shining Light On Shadow Stacks

200 papers

Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the…

Cryptography and Security · Computer Science 2019-11-26 Nathan Burow , Scott A. Carr , Joseph Nash , Per Larsen , Michael Franz , Stefan Brunthaler , Mathias Payer

Stack canaries and shadow stacks are widely deployed mitigations to memory-safety vulnerabilities. While stack canaries are introduced by the compiler and rely on sentry values placed between variables and control data, shadow stack…

Cryptography and Security · Computer Science 2024-12-24 Hugo Depuydt , Merve Gülmez , Thomas Nyman , Jan Tobias Mühlberg

With the increasing popularity of AArch64 processors in general-purpose computing, securing software running on AArch64 systems against control-flow hijacking attacks has become a critical part toward secure computation. Shadow stacks keep…

Cryptography and Security · Computer Science 2023-07-20 Zhuojia Shen , John Criswell

Microcontroller-based embedded systems are increasingly used for applications that can have serious and immediate consequences if compromised---including automobile control systems, smart locks, drones, and implantable medical devices. Due…

Cryptography and Security · Computer Science 2020-06-29 Jie Zhou , Yufei Du , Zhuojia Shen , Lele Ma , John Criswell , Robert J. Walls

Recent Pwn2Own competitions have demonstrated the continued effectiveness of control hijacking attacks despite deployed countermeasures including stack canaries and ASLR. A powerful defense called Control flow Integrity (CFI) offers a…

Cryptography and Security · Computer Science 2014-08-08 Ali Jose Mashtizadeh , Andrea Bittau , David Mazieres , Dan Boneh

Manipulations of return addresses on the stack are the basis for a variety of attacks on programs written in memory unsafe languages. Dual stack schemes for protecting return addresses promise an efficient and effective defense against such…

Cryptography and Security · Computer Science 2018-06-26 Philipp Zieris , Julian Horsch

Embedded and Internet-of-Things (IoT) devices play a critical role in modern life. Their software and firmware, often developed in memory-unsafe languages like C, are susceptible to memory safety vulnerabilities that can lead to…

Cryptography and Security · Computer Science 2026-05-12 Xi Tan , Sagar Mohan , Ziming Zhao

Computing systems, including real-time embedded systems, are becoming increasingly connected to allow for more advanced and safer operation. Such embedded systems are resource-constrained, such as lower processing capabilities, as compared…

Cryptography and Security · Computer Science 2022-08-09 Tanmaya Mishra , Thidapat Chantem , Ryan Gerdes

Protecting programs against control-flow hijacking attacks recently has become an arms race between defenders and attackers. While certain defenses, e.g., \textit{Control Flow Integrity} (CFI), restrict the targets of indirect control-flow…

Cryptography and Security · Computer Science 2018-12-21 Paul Muntean

Control-flow hijacking attacks are used to perform malicious com-putations. Current solutions for assessing the attack surface afteracontrol flow integrity(CFI) policy was applied can measure onlyindirect transfer averages in the best case…

Cryptography and Security · Computer Science 2019-10-04 Paul Muntean , Matthias Neumayer , Zhiqiang Lin , Gang Tan , Jens Grossklags , Claudia Eckert

In software development, the prevalence of unsafe languages such as C and C++ introduces potential vulnerabilities, especially within the heap, a pivotal component for dynamic memory allocation. Despite its significance, heap management…

Cryptography and Security · Computer Science 2024-09-24 Zheng Yu , Ganxiang Yang , Xinyu Xing

The prevalence of memory corruption bugs in the past decades resulted in numerous defenses, such as stack canaries, control flow integrity (CFI), and memory safe languages. These defenses can prevent entire classes of vulnerabilities, and…

Cryptography and Security · Computer Science 2021-04-20 Andrea Mambretti , Alexandra Sandulescu , Alessandro Sorniotti , William Robertson , Engin Kirda , Anil Kurmus

Control-flow leakage (CFL) attacks enable an attacker to expose control-flow decisions of a victim program via side-channel observations. Linearization (i.e., elimination) of secret-dependent control flow is the main countermeasure against…

Cryptography and Security · Computer Science 2025-02-12 Hans Winderix , Marton Bognar , Lesly-Ann Daniel , Frank Piessens

Subverting the flow of instructions (e.g., by use of code-reuse attacks) still poses a serious threat to the security of today's systems. Various control flow integrity (CFI) schemes have been proposed as a powerful technique to detect and…

Hardware Architecture · Computer Science 2021-03-09 Mario Telesklav , Stefan Tauner

Return-Oriented Programming (ROP) is a typical attack technique that exploits return addresses to abuse existing code repeatedly. Most of the current return address protecting mechanisms (also known as the Backward-Edge Control-Flow…

Cryptography and Security · Computer Science 2020-07-16 Jinfeng Li , Liwei Chen , Qizhen Xu , Linan Tian , Gang Shi , Kai Chen , Dan Meng

A popular run-time attack technique is to compromise the control-flow integrity of a program by modifying function return addresses on the stack. So far, shadow stacks have proven to be essential for comprehensively preventing return…

Cryptography and Security · Computer Science 2020-10-16 Hans Liljestrand , Thomas Nyman , Lachlan J. Gunn , Jan-Erik Ekberg , N. Asokan

With the improvements of computing technology, more and more applications embed powerful ARM processors into their devices. These systems can be attacked by redirecting the control-flow of a program to bypass critical pieces of code such as…

Cryptography and Security · Computer Science 2021-05-03 Robert Schilling , Pascal Nasahl , Stefan Mangard

Stack-based memory corruption vulnerabilities have long been exploited by attackers to execute arbitrary code or perform unauthorized memory operations. Various defense mechanisms have been introduced to mitigate stack memory errors, but…

Cryptography and Security · Computer Science 2025-03-24 Lei Chong

Frontier AI developers are relying on layers of safeguards to protect against catastrophic misuse of AI systems. Anthropic and OpenAI guard their latest Opus 4 model and GPT-5 models using such defense pipelines, and other frontier…

Computation and Language · Computer Science 2026-02-06 Ian R. McKenzie , Oskar J. Hollinsworth , Tom Tseng , Xander Davies , Stephen Casper , Aaron D. Tucker , Robert Kirk , Adam Gleave

This work presents the first design, integration, and evaluation of the standard RISC-V extensions for Control-Flow Integrity (CFI). The Zicfiss and Zicfilp extensions aim at protecting the execution of a vulnerable program from…

Hardware Architecture · Computer Science 2026-02-16 Simone Manoni , Emanuele Parisi , Riccardo Tedeschi , Davide Rossi , Andrea Acquaviva , Andrea Bartolini
‹ Prev 1 2 3 10 Next ›