English
Related papers

Related papers: Methodologies for Quantifying (Re-)randomization S…

200 papers

Control Flow Hijacking attacks have posed a serious threat to the security of applications for a long time where an attacker can damage the control Flow Integrity of the program and execute arbitrary code. These attacks can be performed by…

Cryptography and Security · Computer Science 2021-11-08 Ayush Bansal , Debadatta Mishra

Defense techniques such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) were the early role models preventing primitive code injection and return-oriented programming (ROP) attacks. Notably, these techniques…

Cryptography and Security · Computer Science 2019-09-23 Christopher Jelesnianski , Jinwoo Yom , Changwoo Min , Yeongjin Jang

Just-in-time return-oriented programming (JIT-ROP) is a powerful memory corruption attack that bypasses various forms of code randomization. Execute-only memory (XOM) can potentially prevent these attacks, but requires source code. In…

Cryptography and Security · Computer Science 2020-07-08 Jannik Pewny , Philipp Koppe , Lucas Davi , Thorsten Holz

Fine-grained Address Space Randomization has been considered as an effective protection against code reuse attacks such as ROP/JOP. However, it only employs a one-time randomization, and such a limitation has been exploited by recent…

Cryptography and Security · Computer Science 2015-07-13 Ping Chen , Jun Xu , Jun Wang , Peng Liu

Return Oriented Programming (ROP) is a technique by which an attacker can induce arbitrary behavior inside a vulnerable program without injecting a malicious code. The continues failure of the currently deployed defenses against ROP has…

Cryptography and Security · Computer Science 2020-05-26 Ammari Nader , Joan Calvet , Jose M. Fernandez

This paper provides a survey of methods and tools for automated code-reuse exploit generation. Such exploits use code that is already contained in a vulnerable program. The code-reuse approach allows one to exploit vulnerabilities in the…

Cryptography and Security · Computer Science 2021-07-23 Alexey Vishnyakov , Alexey Nurmukhametov

Randomized benchmarking (RB) is a widely used strategy to assess the quality of available quantum gates in a computational context. RB involves applying known random sequences of gates to an initial state and using the statistics of a final…

While address space layout randomization (ASLR) has been extensively studied for user-space programs, the corresponding OS kernel's KASLR support remains very limited, making the kernel vulnerable to just-in-time (JIT) return-oriented…

Operating Systems · Computer Science 2022-01-21 Ruslan Nikolaev , Hassan Nadeem , Cathlyn Stone , Binoy Ravindran

Memory safety is a cornerstone of secure and robust software systems, as it prevents a wide range of vulnerabilities and exploitation techniques. Among these, we focus on Return-Oriented Programming (ROP). ROP works as such: the attacker…

Cryptography and Security · Computer Science 2023-11-03 Federico Cassano , Charles Bershatsky , Jacob Ginesin , Sasha Bashenko

Recently, code reuse attacks (CRAs), such as return-oriented programming (ROP) and jump-oriented programming (JOP), have emerged as a new class of ingenious security threatens. Attackers can utilize CRAs to hijack the control flow of…

Cryptography and Security · Computer Science 2018-09-20 Jiliang Zhang , Binhang Qi , Gang Qu

Return-Oriented Programming (ROP) is a software exploit for system compromise. By chaining short instruction sequences from existing code pieces, ROP can bypass static code-integrity checking approaches and non-executable page protections.…

Cryptography and Security · Computer Science 2016-09-12 Xueyang Wang , Jerry Backer

Randomized benchmarking (RB) is a widely used method for estimating the average fidelity of gates implemented on a quantum computing device. The stochastic error of the average gate fidelity estimated by RB depends on the sampling strategy…

Quantum Physics · Physics 2021-09-17 Toshinari Itoko , Rudy Raymond

Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code…

Cryptography and Security · Computer Science 2022-08-18 Imen Sayar , Alexandre Bartel , Eric Bodden , Yves Le Traon

Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques, but…

Cryptography and Security · Computer Science 2015-04-10 Andreas Follner , Eric Bodden

Just-in-time defect prediction (JIT-DP) aims to predict the likelihood of code changes resulting in software defects at an early stage. Although code change metrics and semantic features have enhanced prediction accuracy, prior research has…

Software Engineering · Computer Science 2025-07-29 Feifei Niu , Junqian Shao , Christoph Mayr-Dorn , Liguo Huang , Wesley K. G. Assunção , Chuanyi Li , Jidong Ge , Alexander Egyed

Current low-level exploits often rely on code-reuse, whereby short sections of code (gadgets) are chained together into a coherent exploit that can be executed without the need to inject any code. Several protection mechanisms attempt to…

Software Engineering · Computer Science 2016-05-27 Andreas Follner , Alexandre Bartel , Eric Bodden

Recent works have started to theoretically investigate how we can protect differentially private programs against timing attacks, by making the joint distribution the output and the runtime differentially private (JOT-DP). However, the…

Cryptography and Security · Computer Science 2025-06-10 Zachary Ratliff , Salil Vadhan

Heap layout randomization renders a good portion of heap vulnerabilities unexploitable. However, some remnants of the vulnerabilities are still exploitable even under the randomized layout. According to our analysis, such heap exploits…

Cryptography and Security · Computer Science 2018-08-09 Daehee Jang , Jonghwan Kim , Minjoon Park , Yunjong Jung , Hojoon Lee , Brent Byunghoon Kang

Nearly all modern software suffers from bloat that negatively impacts its performance and security. To combat this problem, several automated techniques have been proposed to debloat software. A key metric used in many of these works to…

Cryptography and Security · Computer Science 2020-01-17 Michael D. Brown , Santosh Pande

Despite extensive testing and correctness certification of their functional semantics, a number of compiler optimizations have been shown to violate security guarantees implemented in source code. While prior work has shed light on how such…

Cryptography and Security · Computer Science 2021-09-30 Michael D. Brown , Matthew Pruett , Robert Bigelow , Girish Mururu , Santosh Pande
‹ Prev 1 2 3 10 Next ›