English
Related papers

Related papers: Survey of Methods for Automated Code-Reuse Exploit…

200 papers

The exploit or the Proof of Concept of the vulnerability plays an important role in developing superior vulnerability repair techniques, as it can be used as an oracle to verify the correctness of the patches generated by the tools.…

Current low-level exploits often rely on code-reuse, whereby short sections of code (gadgets) are chained together into a coherent exploit that can be executed without the need to inject any code. Several protection mechanisms attempt to…

Software Engineering · Computer Science 2016-05-27 Andreas Follner , Alexandre Bartel , Eric Bodden

Memory corruption vulnerabilities are still a severe threat for software systems. To thwart the exploitation of such vulnerabilities, many different kinds of defenses have been proposed in the past. Most prominently, Control-Flow Integrity…

Cryptography and Security · Computer Science 2020-07-09 Patrick Wollgast , Robert Gawlik , Behrad Garmany , Benjamin Kollenda , Thorsten Holz

Despite extensive testing and correctness certification of their functional semantics, a number of compiler optimizations have been shown to violate security guarantees implemented in source code. While prior work has shed light on how such…

Cryptography and Security · Computer Science 2021-09-30 Michael D. Brown , Matthew Pruett , Robert Bigelow , Girish Mururu , Santosh Pande

Just-in-time return-oriented programming (JIT-ROP) allows one to dynamically discover instruction pages and launch code reuse attacks, effectively bypassing most fine-grained address space layout randomization (ASLR) protection. However,…

Cryptography and Security · Computer Science 2020-06-16 Salman Ahmed , Ya Xiao , Gang Tan , Kevin Snow , Fabian Monrose , Danfeng , Yao

This paper provides the first analysis on the feasibility of Return-Oriented Programming (ROP) on RISC-V, a new instruction set architecture targeting embedded systems. We show the existence of a new class of gadgets, using several Linear…

Cryptography and Security · Computer Science 2021-03-16 Georges-Axel Jaloyan , Konstantinos Markantonakis , Raja Naeem Akram , David Robin , Keith Mayes , David Naccache

Retrieval-Augmented Code Generation (RACG) is increasingly adopted to enhance Large Language Models for software development, yet its security implications remain dangerously underexplored. This paper conducts the first systematic…

Cryptography and Security · Computer Science 2025-12-29 Tian Li , Bo Lin , Shangwen Wang , Yusong Tan

As the number of web applications and API endpoints exposed to the Internet continues to grow, so does the number of exploitable vulnerabilities. Manually identifying such vulnerabilities is tedious. Meanwhile, static security scanners tend…

Cryptography and Security · Computer Science 2025-12-17 Felix Mächtle , Nils Loose , Tim Schulz , Florian Sieck , Jan-Niclas Serr , Ralf Möller , Thomas Eisenbarth

In software development, developers extensively utilize third-party libraries to avoid implementing existing functionalities. When a new third-party library vulnerability is disclosed, project maintainers need to determine whether their…

Software Engineering · Computer Science 2023-12-18 Zirui Chen , Xing Hu , Xin Xia , Yi Gao , Tongtong Xu , David Lo , Xiaohu Yang

Open-source third-party libraries are widely used in software development. These libraries offer substantial advantages in terms of time and resource savings. However, a significant concern arises due to the publicly disclosed…

Software Engineering · Computer Science 2025-02-12 Yi Gao , Xing Hu , Zirui Chen , Xiaohu Yang

Nowadays, an increasing number of applications uses deserialization. This technique, based on rebuilding the instance of objects from serialized byte streams, can be dangerous since it can open the application to attacks such as remote code…

Cryptography and Security · Computer Science 2022-08-18 Imen Sayar , Alexandre Bartel , Eric Bodden , Yves Le Traon

Modern code reuse attacks are taking full advantage of bloated software. Attackers piece together short sequences of instructions in otherwise benign code to carry out malicious actions. Eliminating these reusable code snippets, known as…

Cryptography and Security · Computer Science 2021-10-20 Chris Porter , Sharjeel Khan , Santosh Pande

Software is everywhere, from mission critical systems such as industrial power stations, pacemakers and even household appliances. This growing dependence on technology and the increasing complexity software has serious security…

Cryptography and Security · Computer Science 2018-08-08 Teresa Nicole Brooks

Since its inception, Rowhammer exploits have rapidly evolved into increasingly sophisticated threats compromising data integrity and the control flow integrity of victim processes. Nevertheless, it remains a challenge for an attacker to…

Cryptography and Security · Computer Science 2025-05-06 Andrew Adiletta , M. Caner Tol , Kemal Derya , Berk Sunar , Saad Islam

Software vulnerabilities continue to undermine the reliability and security of modern systems, particularly as software complexity outpaces the capabilities of traditional detection methods. This study introduces a genetic algorithm-based…

Software Engineering · Computer Science 2025-08-11 Yanusha Mehendran , Maolin Tang , Yi Lu

Code generation aims to automatically generate code snippets of specific programming language according to natural language descriptions. The continuous advancements in deep learning, particularly pre-trained models, have empowered the code…

Software Engineering · Computer Science 2025-01-24 Zezhou Yang , Sirong Chen , Cuiyun Gao , Zhenhao Li , Xing Hu , Kui Liu , Xin Xia

Exploits constitute malware in the form of application inputs. They take advantage of security vulnerabilities inside programs in order to yield execution control to attackers. The root cause of successful exploitation lies in emergent…

Cryptography and Security · Computer Science 2021-09-28 Robert Abela , Mark Vella

Nowadays, exploits often rely on a code-reuse approach. Short pieces of code called gadgets are chained together to execute some payload. Code-reuse attacks can exploit vulnerabilities in the presence of operating system protection that…

Cryptography and Security · Computer Science 2022-03-23 Alexey Nurmukhametov , Alexey Vishnyakov , Vlada Logunova , Shamil Kurmangaleev

Regenerating codes are a class of codes proposed for providing reliability of data and efficient repair of failed nodes in distributed storage systems. In this paper, we address the fundamental problem of handling errors and erasures during…

Information Theory · Computer Science 2015-03-20 K. V. Rashmi , Nihar B. Shah , Kannan Ramchandran , P. Vijay Kumar

Control Flow Hijacking attacks have posed a serious threat to the security of applications for a long time where an attacker can damage the control Flow Integrity of the program and execute arbitrary code. These attacks can be performed by…

Cryptography and Security · Computer Science 2021-11-08 Ayush Bansal , Debadatta Mishra
‹ Prev 1 2 3 10 Next ›