English
Related papers

Related papers: In-Kernel Control-Flow Integrity on Commodity OSes…

200 papers

Software control flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise…

Cryptography and Security · Computer Science 2019-12-10 Rémi Denis-Courmont , Hans Liljestrand , Carlos Chinea , Jan-Erik Ekberg

Code reuse attacks are still big threats to software and system security. Control flow integrity is a promising technique to defend against such attacks. However, its effectiveness has been weakened due to the inaccurate control flow graph…

Cryptography and Security · Computer Science 2020-10-13 Yutian Yang , Songbo Zhu , Wenbo Shen , Yajin Zhou , Jiadong Sun , Kui Ren

With the improvements of computing technology, more and more applications embed powerful ARM processors into their devices. These systems can be attacked by redirecting the control-flow of a program to bypass critical pieces of code such as…

Cryptography and Security · Computer Science 2021-05-03 Robert Schilling , Pascal Nasahl , Stefan Mangard

Recent Pwn2Own competitions have demonstrated the continued effectiveness of control hijacking attacks despite deployed countermeasures including stack canaries and ASLR. A powerful defense called Control flow Integrity (CFI) offers a…

Cryptography and Security · Computer Science 2014-08-08 Ali Jose Mashtizadeh , Andrea Bittau , David Mazieres , Dan Boneh

Growing code bases of modern applications have led to a steady increase in the number of vulnerabilities. Control-Flow Integrity (CFI) is one promising mitigation that is more and more widely deployed and prevents numerous exploits. CFI…

Cryptography and Security · Computer Science 2022-03-01 Claudio Canella , Sebastian Dorn , Daniel Gruss , Michael Schwarz

Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat against computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking…

Cryptography and Security · Computer Science 2019-05-27 Hans Liljestrand , Thomas Nyman , Kui Wang , Carlos Chinea Perez , Jan-Erik Ekberg , N. Asokan

CFI is a computer security technique that detects runtime attacks by monitoring a program's branching behavior. This work presents a detailed analysis of the security policies enforced by 21 recent hardware-based CFI architectures. The goal…

Cryptography and Security · Computer Science 2017-08-01 Ruan de Clercq , Ingrid Verbauwhede

Embedded, smart, and IoT devices are increasingly popular in numerous everyday settings. Since lower-end devices have the most strict cost constraints, they tend to have few, if any, security features. This makes them attractive targets for…

Cryptography and Security · Computer Science 2023-09-21 Sashidhar Jakkamsetti , Youngil Kim , Andrew Searles , Gene Tsudik

With the increasing scale of deployment of Internet of Things (IoT), concerns about IoT security have become more urgent. In particular, memory corruption attacks play a predominant role as they allow remote compromise of IoT devices.…

Cryptography and Security · Computer Science 2017-06-20 Thomas Nyman , Jan-Erik Ekberg , Lucas Davi , N. Asokan

Fault attacks enable adversaries to manipulate the control-flow of security-critical applications. By inducing targeted faults into the CPU, the software's call graph can be escaped and the control-flow can be redirected to arbitrary…

Cryptography and Security · Computer Science 2023-03-27 Pascal Nasahl , Salmin Sultana , Hans Liljestrand , Karanvir Grewal , Michael LeMay , David M. Durham , David Schrammel , Stefan Mangard

With the improvements in computing technologies, edge devices in the Internet-of-Things have become more complex. The enabler technology for these complex systems are powerful application core processors with operating system support, such…

Cryptography and Security · Computer Science 2023-01-13 Robert Schilling , Pascal Nasahl , Martin Unterguggenberger , Stefan Mangard

Large language models (LLMs) deployed behind APIs and retrieval-augmented generation (RAG) stacks are vulnerable to prompt injection attacks that may override system policies, subvert intended behavior, and induce unsafe outputs. Existing…

Cryptography and Security · Computer Science 2026-03-20 Md Takrim Ul Alam , Akif Islam , Mohd Ruhul Ameen , Abu Saleh Musa Miah , Jungpil Shin

Computing systems, including real-time embedded systems, are becoming increasingly connected to allow for more advanced and safer operation. Such embedded systems are resource-constrained, such as lower processing capabilities, as compared…

Cryptography and Security · Computer Science 2022-08-09 Tanmaya Mishra , Thidapat Chantem , Ryan Gerdes

ARM is becoming more popular in desktops and data centers, opening a new realm in terms of security attacks against ARM. ARM has released Pointer Authentication, a new hardware security feature that is intended to ensure pointer integrity…

Cryptography and Security · Computer Science 2022-03-30 Mohannad Ismail , Andrew Quach , Christopher Jelesnianski , Yeongjin Jang , Changwoo Min

Modern processors include high-performance cryptographic functionalities such as Intel's AES-NI and ARM's Pointer Authentication that allow programs to efficiently authenticate data held by the program. Pointer Authentication is already…

Cryptography and Security · Computer Science 2022-10-21 Setareh Ghorshi , Lachlan J. Gunn , Hans Liljestrand , N. Asokan

Memory safety bugs remain in the top ranks of security vulnerabilities, even after decades of research on their detection and prevention. Various mitigations have been proposed for C/C++, ranging from language dialects to instrumentation.…

Cryptography and Security · Computer Science 2023-05-12 Konrad Hohentanner , Philipp Zieris , Julian Horsch

Modern RISC-V platforms control and monitor security-critical systems such as industrial controllers and autonomous vehicles. While these platforms feature a Root-of-Trust (RoT) to store authentication secrets and enable secure boot…

Cryptography and Security · Computer Science 2024-01-08 Emanuele Parisi , Alberto Musa , Simone Manoni , Maicol Ciani , Davide Rossi , Francesco Barchi , Andrea Bartolini , Andrea Acquaviva

Low-end embedded devices are increasingly used in various smart applications and spaces. They are implemented under strict cost and energy budgets, using microcontroller units (MCUs) that lack security features available in general-purpose…

Cryptography and Security · Computer Science 2023-10-20 Adam Caulfield , Norrathep Rattanavipanon , Ivan De Oliveira Nunes

Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the…

Cryptography and Security · Computer Science 2019-11-26 Nathan Burow , Scott A. Carr , Joseph Nash , Per Larsen , Michael Franz , Stefan Brunthaler , Mathias Payer

Prior research yielded many techniques to mitigate software compromise for low-end Internet of Things (IoT) devices. Some of them detect software modifications via remote attestation and similar services, while others preventatively ensure…

Cryptography and Security · Computer Science 2025-01-17 Sashidhar Jakkamsetti , Youngil Kim , Andrew Searles , Gene Tsudik
‹ Prev 1 2 3 10 Next ›