• Publications
  • Influence
Readactor: Practical Code Randomization Resilient to Memory Disclosure
TLDR
We present the first practical, fine-grained code randomization defense, called Read actor, resilient to both static and dynamic ROP attacks and efficient with an average SPEC CPU performance overhead of only 6.4%. Expand
  • 185
  • 39
  • PDF
SoK: Automated Software Diversity
TLDR
In this paper, we systematically study the state-of-the-art in software diversity and highlight fundamental trade-offs between fully automated approaches. Expand
  • 244
  • 35
  • PDF
Power reduction techniques for microprocessor systems
TLDR
Power consumption is a major factor that limits the performance of computers. Expand
  • 376
  • 21
  • PDF
Opaque Control-Flow Integrity
TLDR
A new binary software randomization and ControlFlow Integrity (CFI) enforcement system is presented, which is the first to efficiently resist code-reuse attacks launched by informed adversaries who possess full knowledge of the inmemory code layout of victim programs. Expand
  • 131
  • 19
  • PDF
Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine
  • D. Chandra, M. Franz
  • Computer Science
  • Twenty-Third Annual Computer Security…
  • 1 December 2007
TLDR
We have implemented an information flow framework for the Java virtual machine that combines static and dynamic techniques to capture not only explicit flows, but also implicit ones resulting from control flow. Expand
  • 90
  • 17
  • PDF
Dynamic taint propagation for Java
TLDR
We propose a dynamic solution that tags and tracks user input at runtime and prevents its improper use to maliciously affect the execution of the program. Expand
  • 244
  • 16
  • PDF
Leakage-Resilient Layout Randomization for Mobile Devices
TLDR
We introduce a code randomization technique that avoids these limitations and scales down to mobile and embedded devices: Leakage-Resilient Layout Randomization (LR2). Expand
  • 70
  • 13
  • PDF
Orchestra: intrusion detection using parallel execution and monitoring of program variants in user-space
TLDR
In a Multi-Variant Execution Environment (MVEE), several slightly different versions of the same program are executed in lockstep. Expand
  • 133
  • 12
  • PDF
HotpathVM: an effective JIT compiler for resource-constrained devices
TLDR
We present a just-in-time compiler for a Java VM that is small enough to fit on resource-constrained devices, yet is surprisingly effective. Expand
  • 145
  • 10
  • PDF
E unibus pluram: massive-scale software diversity as a defense mechanism
  • M. Franz
  • Computer Science
  • NSPW '10
  • 21 September 2010
TLDR
We contend that the time has come to revisit the idea of software diversity for defense purposes. Expand
  • 114
  • 10
  • PDF