English
Related papers

Related papers: FIPAC: Thwarting Fault- and Software-Induced Contr…

200 papers

With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking attacks, and consequently code reuse attacks, are significantly more difficult. CFI limits control flow to well-known locations, severely restricting…

Cryptography and Security · Computer Science 2019-11-26 Kyriakos Ispoglou , Bader AlBassam , Trent Jaeger , Mathias Payer

Memory safety bugs remain in the top ranks of security vulnerabilities, even after decades of research on their detection and prevention. Various mitigations have been proposed for C/C++, ranging from language dialects to instrumentation.…

Cryptography and Security · Computer Science 2023-05-12 Konrad Hohentanner , Philipp Zieris , Julian Horsch

Recently, code reuse attacks (CRAs), such as return-oriented programming (ROP) and jump-oriented programming (JOP), have emerged as a new class of ingenious security threatens. Attackers can utilize CRAs to hijack the control flow of…

Cryptography and Security · Computer Science 2018-09-20 Jiliang Zhang , Binhang Qi , Gang Qu

Cyber-physical systems (CPS) provide profitable surfaces for hardware attacks such as hardware Trojans. Hardware Trojans can implement stealthy attacks such as leaking critical information, taking control of devices or harm humans. In this…

Cryptography and Security · Computer Science 2023-01-09 Sofia Maragkou , Axel Jantsch

Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge,i.e., indirect calls through function pointers and virtual calls.…

Cryptography and Security · Computer Science 2019-11-26 Nathan Burow , Xinping Zhang , Mathias Payer

Control flow integrity (CFI) has received significant attention in the community to combat control hijacking attacks in the presence of memory corruption vulnerabilities. The challenges in creating a practical CFI has resulted in the…

Cryptography and Security · Computer Science 2020-02-17 Reza Mirzazade Farkhani , Saman Jafari , Sajjad Arshad , William Robertson , Engin Kirda , Hamed Okhravi

The prevalence of memory corruption bugs in the past decades resulted in numerous defenses, such as stack canaries, control flow integrity (CFI), and memory safe languages. These defenses can prevent entire classes of vulnerabilities, and…

Cryptography and Security · Computer Science 2021-04-20 Andrea Mambretti , Alexandra Sandulescu , Alessandro Sorniotti , William Robertson , Engin Kirda , Anil Kurmus

Low-end embedded devices are increasingly used in various smart applications and spaces. They are implemented under strict cost and energy budgets, using microcontroller units (MCUs) that lack security features available in general-purpose…

Cryptography and Security · Computer Science 2023-10-20 Adam Caulfield , Norrathep Rattanavipanon , Ivan De Oliveira Nunes

Embedded software is developed under the assumption that hardware execution is always correct. Fault attacks break and exploit that assumption. Through the careful introduction of targeted faults, an adversary modifies the control-flow or…

Cryptography and Security · Computer Science 2020-03-25 Bilgiday Yuce , Patrick Schaumont , Marc Witteman

Fault injection attacks represent an effective threat to embedded systems. Recently, Laurent et al. have reported that fault injection attacks can leverage faults inside the microarchitecture. However, state-of-the-art counter-measures,…

Cryptography and Security · Computer Science 2023-09-06 Thomas Chamelot , Damien Couroussé , Karine Heydemann

Data-Flow Integrity (DFI) is a well-known approach to effectively detecting a wide range of software attacks. However, its real-world application has been quite limited so far because of the prohibitive performance overhead it incurs.…

Hardware Architecture · Computer Science 2021-11-30 Lang Feng , Jiayi Huang , Jeff Huang , Jiang Hu

This work presents the first design, integration, and evaluation of the standard RISC-V extensions for Control-Flow Integrity (CFI). The Zicfiss and Zicfilp extensions aim at protecting the execution of a vulnerable program from…

Hardware Architecture · Computer Science 2026-02-16 Simone Manoni , Emanuele Parisi , Riccardo Tedeschi , Davide Rossi , Andrea Acquaviva , Andrea Bartolini

Remote attestation is a crucial security service particularly relevant to increasingly popular IoT (and other embedded) devices. It allows a trusted party (verifier) to learn the state of a remote, and potentially malware-infected, device…

Cryptography and Security · Computer Science 2016-08-18 Tigist Abera , N. Asokan , Lucas Davi , Jan-Erik Ekberg , Thomas Nyman , Andrew Paverd , Ahmad-Reza Sadeghi , Gene Tsudik

Hardware and software of secured embedded systems are prone to physical attacks. In particular, fault injection attacks revealed vulnerabilities on the data and the control flow allowing an attacker to break cryptographic or secured…

Cryptography and Security · Computer Science 2015-10-07 Lionel Rivière , Zakaria Najm , Pablo Rauzy , Jean-Luc Danger , Julien Bringer , Laurent Sauvage

Memory-safety violations in C and C++ programs continue to enable sophisticated exploitation techniques such as control-flow hijacking and data-oriented attacks. Existing hardware defenses either rely on address space layout randomization…

Control-flow leakage (CFL) attacks enable an attacker to expose control-flow decisions of a victim program via side-channel observations. Linearization (i.e., elimination) of secret-dependent control flow is the main countermeasure against…

Cryptography and Security · Computer Science 2025-02-12 Hans Winderix , Marton Bognar , Lesly-Ann Daniel , Frank Piessens

Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat against computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking…

Cryptography and Security · Computer Science 2019-05-27 Hans Liljestrand , Thomas Nyman , Kui Wang , Carlos Chinea Perez , Jan-Erik Ekberg , N. Asokan

Attacks targeting software on embedded systems are becoming increasingly prevalent. Remote attestation is a mechanism that allows establishing trust in embedded devices. However, existing attestation schemes are either static and cannot…

Cryptography and Security · Computer Science 2018-10-04 Ghada Dessouky , Shaza Zeitouni , Thomas Nyman , Andrew Paverd , Lucas Davi , Patrick Koeberl , N. Asokan , Ahmad-Reza Sadeghi

Control-flow attacks, usually achieved by exploiting a buffer-overflow vulnerability, have been a serious threat to system security for over fifteen years. Researchers have answered the threat with various mitigation techniques, but…

Cryptography and Security · Computer Science 2015-04-10 Andreas Follner , Eric Bodden

Compiler-based Control-Flow Integrity (CFI) offers strong forward-edge protection but remains challenging to deploy in large C/C++ software due to visibility mismatches, type inconsistencies, and unintended behavioral failures. We present…

Software Engineering · Computer Science 2025-12-30 Sabine Houy , Bruno Kreyssig , Alexandre Bartel