Skip to search formSkip to main contentSkip to account menu

Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization

This paper introduces the design and implementation of a framework based on a novel attack strategy that undermines the benefits of fine-grained ASLR by exploiting the ability to repeatedly abuse a memory disclosure to map an application's memory layout on the fly.
View on IEEE (opens in a new tab)

Return-oriented programming without returns

We show that on both the x86 and ARM architectures it is possible to mount return-oriented programming attacks without using return instructions. Our attacks instead make use of certain instruction
View on ACM (opens in a new tab)

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

It is demonstrated that many of these defenses that do not consider object-oriented C++ semantics precisely can be generically bypassed in practice, and that even recently proposed defenses that specifically target C++ are vulnerable to COOP.
View on IEEE (opens in a new tab)

IoT SENTINEL: Automated Device-Type Identification for Security Enforcement in IoT

IoT Sentinel is presented, a system capable of automatically identifying the types of devices being connected to an IoT network and enabling enforcement of rules for constraining the communications of vulnerable devices so as to minimize damage resulting from their compromise.
View on IEEE (opens in a new tab)

TrustLite: a security architecture for tiny embedded devices

This work describes mechanisms for secure exception handling and communication between protected modules, enabling seamless interoperability with untrusted operating systems and tasks, and presents the TrustLite security architecture for flexible, hardware-enforced isolation of software modules.
View on ACM (opens in a new tab)

Readactor: Practical Code Randomization Resilient to Memory Disclosure

This paper presents the first practical, fine-grained code randomization defense, called Read actor, resilient to both static and dynamic ROP attacks, and uses a new compiler-based code generation paradigm that uses hardware features provided by modern CPUs to enable execute-only memory and hide code pointers from leakage to the adversary.
View on IEEE (opens in a new tab)

C-FLAT: Control-Flow Attestation for Embedded Systems Software

The design and implementation of Control-FLow ATtestation (C-FLAT) is presented that enables remote attestation of an application's control-flow path, without requiring the source code, and its performance is evaluated using a real-world embedded application and against control- flow hijacking attacks.
View on ACM (opens in a new tab)

Security and privacy challenges in industrial Internet of Things

This paper gives an introduction to industrial IoT systems, the related security and privacy challenges, and an outlook on possible solutions towards a holistic security framework for Industrial IoT systems.
View on ACM (opens in a new tab)

Improved Garbled Circuit Building Blocks and Applications to Auctions and Computing Minima

We consider generic Garbled Circuit (GC)-based techniques for Secure Function Evaluation (SFE) in the semi-honest model. We describe efficient GC constructions for addition, subtraction,
View via Publisher (opens in a new tab)

Unsafe exposure analysis of mobile in-app advertisements

The investigation indicates the symbiotic relationship between embedded ad libraries and host apps is one main reason behind these exposed risks, and clearly shows the need for better regulating the way ad libraries are integrated in Android apps.
View on ACM (opens in a new tab)
...
By clicking accept or continuing to use the site, you agree to the terms outlined in our Privacy Policy (opens in a new tab), Terms of Service (opens in a new tab), and Dataset License (opens in a new tab)