English
Related papers

Related papers: SPECCFI: Mitigating Spectre Attacks using CFI Info…

200 papers

With the improvements of computing technology, more and more applications embed powerful ARM processors into their devices. These systems can be attacked by redirecting the control-flow of a program to bypass critical pieces of code such as…

Cryptography and Security · Computer Science 2021-05-03 Robert Schilling , Pascal Nasahl , Stefan Mangard

Control flow integrity (CFI) has received significant attention in the community to combat control hijacking attacks in the presence of memory corruption vulnerabilities. The challenges in creating a practical CFI has resulted in the…

Cryptography and Security · Computer Science 2020-02-17 Reza Mirzazade Farkhani , Saman Jafari , Sajjad Arshad , William Robertson , Engin Kirda , Hamed Okhravi

Speculative execution techniques have been a cornerstone of modern processors to improve instruction-level parallelism. However, recent studies showed that this kind of techniques could be exploited by attackers to leak secret data via…

Cryptography and Security · Computer Science 2021-07-20 Bowen Tang , Chenggang Wu , Zhe Wang , Lichen Jia , Pen-Chung Yew , Yueqiang Cheng , Yinqian Zhang , Chenxi Wang , Guoqing Harry Xu

Large language models (LLMs) deployed behind APIs and retrieval-augmented generation (RAG) stacks are vulnerable to prompt injection attacks that may override system policies, subvert intended behavior, and induce unsafe outputs. Existing…

Cryptography and Security · Computer Science 2026-03-20 Md Takrim Ul Alam , Akif Islam , Mohd Ruhul Ameen , Abu Saleh Musa Miah , Jungpil Shin

Memory corruption is an important class of vulnerability that can be leveraged to craft control flow hijacking attacks. Control Flow Integrity (CFI) provides protection against such attacks. Application of type-based CFI policies requires…

Cryptography and Security · Computer Science 2024-01-17 Ruturaj K. Vaidya , Prasad A. Kulkarni

Recent security vulnerabilities that target speculative execution (e.g., Spectre) present a significant challenge for processor design. The highly publicized vulnerability uses speculative execution to learn victim secrets by changing cache…

Smart contracts are frequently vulnerable to control-flow attacks based on confused deputies, reentrancy, and incorrect error handling. These attacks exploit the complexity of interactions among multiple possibly unknown contracts. Existing…

Cryptography and Security · Computer Science 2025-04-24 Siqiu Yao , Haobin Ni , Stephanie Ma , Noah Schiff , Andrew C. Myers , Ethan Cecchetti

This paper introduces Okapi, a new hardware/software cross-layer architecture designed to mitigate Transient Execution Side Channel attacks, including Spectre variants, in modern computing systems. Okapi provides a hardware basis for secure…

The recent Spectre attacks exploit speculative execution, a pervasively used feature of modern microprocessors, to allow the exfiltration of sensitive data across protection boundaries. In this paper, we introduce a new Spectre-class attack…

Cryptography and Security · Computer Science 2018-07-23 Esmaeil Mohammadian Koruyeh , Khaled Khasawneh , Chengyu Song , Nael Abu-Ghazaleh

Applications written in low-level languages without type or memory safety are especially prone to memory corruption. Attackers gain code execution capabilities through such applications despite all currently deployed defenses by exploiting…

Cryptography and Security · Computer Science 2014-07-03 Mathias Payer , Antonio Barresi , Thomas R. Gross

With the improvements in computing technologies, edge devices in the Internet-of-Things have become more complex. The enabler technology for these complex systems are powerful application core processors with operating system support, such…

Cryptography and Security · Computer Science 2023-01-13 Robert Schilling , Pascal Nasahl , Martin Unterguggenberger , Stefan Mangard

Transient execution attacks that exploit speculation have raised significant concerns in computer systems. Typically, branch predictors are leveraged to trigger mis-speculation in transient execution attacks. In this work, we demonstrate a…

Cryptography and Security · Computer Science 2021-11-02 Md Hafizul Islam Chowdhuryy , Fan Yao

Growing code bases of modern applications have led to a steady increase in the number of vulnerabilities. Control-Flow Integrity (CFI) is one promising mitigation that is more and more widely deployed and prevents numerous exploits. CFI…

Cryptography and Security · Computer Science 2022-03-01 Claudio Canella , Sebastian Dorn , Daniel Gruss , Michael Schwarz

Spectre intrusions exploit speculative execution design vulnerabilities in modern processors. The attacks violate the principles of isolation in programs to gain unauthorized private user information. Current state-of-the-art detection…

Cryptography and Security · Computer Science 2022-10-27 Chidera Biringa , Gaspard Baye , Gökhan Kul

The recent Spectre attacks has demonstrated the fundamental insecurity of current computer microarchitecture. The attacks use features like pipelining, out-of-order and speculation to extract arbitrary information about the memory contents…

Cryptography and Security · Computer Science 2020-08-18 Roberto Guanciale , Musard Balliu , Mads Dam

Modern RISC-V platforms control and monitor security-critical systems such as industrial controllers and autonomous vehicles. While these platforms feature a Root-of-Trust (RoT) to store authentication secrets and enable secure boot…

Cryptography and Security · Computer Science 2024-01-08 Emanuele Parisi , Alberto Musa , Simone Manoni , Maicol Ciani , Davide Rossi , Francesco Barchi , Andrea Bartolini , Andrea Acquaviva

Fault injection (FI) is a powerful attack methodology allowing an adversary to entirely break the security of a target device. As finite-state machines (FSMs) are fundamental hardware building blocks responsible for controlling systems,…

Cryptography and Security · Computer Science 2022-08-03 Pascal Nasahl , Martin Unterguggenberger , Rishub Nagpal , Robert Schilling , David Schrammel , Stefan Mangard

Attacks like Spectre abuse speculative execution, one of the key performance optimizations of modern CPUs. Recently, several testing tools have emerged to automatically detect speculative leaks in commercial (black-box) CPUs. However, the…

Cryptography and Security · Computer Science 2023-01-19 Oleksii Oleksenko , Marco Guarnieri , Boris Köpf , Mark Silberstein

Data-Flow Integrity (DFI) is a well-known approach to effectively detecting a wide range of software attacks. However, its real-world application has been quite limited so far because of the prohibitive performance overhead it incurs.…

Hardware Architecture · Computer Science 2021-11-30 Lang Feng , Jiayi Huang , Jeff Huang , Jiang Hu

SpecFuzz is the first tool that enables dynamic testing for speculative execution vulnerabilities (e.g., Spectre). The key is a novel concept of speculation exposure: The program is instrumented to simulate speculative execution in software…

Cryptography and Security · Computer Science 2020-03-11 Oleksii Oleksenko , Bohdan Trach , Mark Silberstein , Christof Fetzer