05/06/2024 |
0xd |
Project Presentations (cont'd) |
04/29/2024 |
0xc |
Project Presentations |
04/22/2024 |
0xb |
Special Topics (cont'd) |
|
04/15/2024 |
0xa |
Special Topics |
- Flip Feng Shui: Hammering a Needle in the Software Stack, USENIX SEC 2016.
- Block Oriented Programming: Automating Data-Only Attacks, ACM CCS 2018.
- Spectre Attacks: Exploiting Speculative Execution, IEEE S&P 2019.
- Let Me Unwind That For You: Exceptions to Backward-Edge Protection, NDSS 2023.
- Framing Signals—A Return to Portable Shellcode, IEEE S&P 2014 (additional).
- Hacking Blind, IEEE S&P 2014 (additional).
- The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines, NDSS 2015 (additional).
- Enabling Client-Side Crash-Resistance to Overcome Diversification
and Information Hiding, NDSS 2016 (additional).
- Oblivious Code Reuse: On the Effectiveness of Leakage Resilient Diversity, NDSS 2017 (additional).
- Position-independent Code Reuse: On the Effectiveness of ASLR
in the Absence of Information Disclosure, IEEE EuroS&P 2018 (additional).
- CHERI: A Hybrid Capability-System Architecture for Scalable
Software Compartmentalization, IEEE S&P 2015 (optional).
- Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector, IEEE S&P 2016 (optional).
- Data-Oriented Programming: On the Expressiveness of Non-control Data Attacks, IEEE S&P 2016 (optional).
- Security Risks in Asynchronous Web Servers: When Performance Optimizations
Amplify the Impact of Data-Oriented Attacks, IEEE EuroS&P 2018 (optional).
|
04/08/2024 |
0x9 |
Kernel Security (cont'd) |
- Prefetch Side-Channel Attacks: Bypassing SMAP and Kernel ASLR, ACM CCS 2016.
- kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse, EuroSys 2017.
- Meltdown: Reading Kernel Memory from User Space, USENIX SEC 2018.
- xMP: Selective Memory Protection for Kernel and User Space, IEEE S&P 2020.
- Enforcing Kernel Security Invariants with Data Flow Integrity, NDSS 2016 (additional).
- Breaking Kernel Address Space Layout Randomization with Intel TSX, ACM CCS 2016 (additional).
- UniSan: Proactive Kernel Memory Initialization to Eliminate Data Leakages, ACM CCS 2016 (additional).
- How Double-Fetch Situations turn into Double-Fetch Vulnerabilities: A Study
of Double Fetches in the Linux Kernel, USENIX SEC 2017 (additional).
- KCoFI: Complete Control-Flow Integrity for Commodity
Operating System Kernels, IEEE S&P 2014 (optional).
- Fine-Grained Control-Flow Integrity for Kernel Software, IEEE EuroS&P 2016 (optional).
- Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel
Using Targeted Stack Spraying, NDSS 2017 (optional).
- Secure Page Fusion with VUsion, ACM SOSP 2017 (optional).
- KASLR is Dead: Long Live KASLR, ESSoS 2017 (optional).
- KASLR: Break It, Fix It, Repeat, ACM ASIACCS 2020 (optional).
- PIBE: Practical Kernel Control-Flow Hardening with Profile-Guided
Indirect Branch Elimination, ACM ASPLOS 2021 (optional).
- EPF: Evil Packet Filter, USENIX ATC 2023 (optional).
|
04/01/2024 |
0x8 |
Information Hiding |
|
03/25/2024 |
NUL |
Spring Recess |
|
03/18/2024 |
0x7 |
Code-Pointer Integrity |
- Code-Pointer Integrity, USENIX OSDI 2014.
- Missing the Point(er): On the Effectiveness of Code Pointer Integrity, IEEE S&P 2016.
- PAC it up: Towards Pointer Integrity using ARM Pointer Authentication, USENIX SEC 2019.
- CETIS: Retrofitting Intel CET for Generic and Efficient Intra-process
Memory Isolation, ACM CCS 2022.
- Stack Object Protection with Low Fat Pointers, NDSS 2017 (additional).
- CCFI: Cryptographically Enforced Control Flow Integrity, ACM CCS 2015 (additional).
- ASLR-Guard: Stopping Address Space Leakage for Code Reuse Attacks, ACM CCS 2015 (additional).
- PointGuardTM: Protecting Pointers from Buffer Overflow Vulnerabilities, USENIX SEC 2003 (optional).
- ERIM: Secure, Efficient In-process Isolation with Protection Keys (MPK), USENIX SEC 2019 (optional).
- μRAI: Securing Embedded Systems with Return Address Integrity, NDSS 2020 (optional).
- SEIMI: Efficient and Secure SMAP-Enabled Intra-process Memory Isolation, IEEE S&P 2020 (optional).
|
03/11/2024 |
0x6 |
Live ASLR |
- Enhanced Operating System Security Through Efficient and Fine-grained
Address Space Randomization, USENIX SEC 2012.
- Timely Rerandomization for Mitigating Memory Disclosures, ACM CCS 2015.
- Shuffler: Fast and Deployable Continuous Code Re-Randomization, USENIX OSDI 2016.
- SafeHidden: An Efficient and Secure Information Hiding Technique
Using Re-randomization, USENIX SEC 2019.
- CodeArmor: Virtualizing the Code Space to Counter Disclosure Attacks, IEEE EuroS&P 2017 (additional).
- Remix: On-demand Live Randomization, ACM CODASPY 2015 (optional).
- How to Make ASLR Win the Clone Wars: Runtime Re-Randomization, NDSS 2016 (optional).
- Morpheus: A Vulnerability-Tolerant Secure Architecture Based on Ensembles
of Moving Target Defenses with Churn, ACM ASPLOS 2019 (optional).
- CoDaRR: Continuous Data Space Randomization against Data-Only Attacks, ACM ASIACCS 2020 (optional).
- Adelie: Continuous Address Space Layout Re-randomization for Linux Drivers, ACM ASPLOS 2022 (optional).
- HARM: Hardware-Assisted Continuous Re-randomization for Microcontrollers, IEEE EuroS&P 2022 (optional).
- Randezvous: Making Randomization Effective on MCUs, ACSAC 2022 (optional).
|
03/04/2024 |
0x5 |
Code Diversification | JIT-ROP Protection |
- Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained
Address Space Layout Randomization, IEEE S&P 2013.
- Readactor: Practical Code Randomization Resilient to Memory Disclosure, IEEE S&P 2015.
- Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads, ACM CCS 2015.
- Compiler-assisted Code Randomization, IEEE S&P 2018.
- Smashing the Gadgets: Hindering Return-Oriented Programming
Using In-place Code Randomization, IEEE S&P 2012 (additional).
- Oxymoron: Making Fine-Grained Memory Randomization Practical
by Allowing Code Sharing, USENIX SEC 2014 (additional).
- You Can Run but You Can't Read: Preventing Disclosure Exploits
in Executable Code, ACM CCS 2014 (additional).
- Return to the Zombie Gadgets: Undermining Destructive Code Reads
via Code Inference Attacks, IEEE S&P 2016 (additional).
- Address Obfuscation: an Efficient Approach to Combat a Broad Range
of Memory Error Exploits, USENIX SEC 2003 (optional).
- Efficient Techniques for Comprehensive Protection
from Memory Error Exploits, USENIX SEC 2005 (optional).
- Address Space Layout Permutation (ASLP): Towards Fine-Grained
Randomization of Commodity Software, ACSAC 2006 (optional).
- ILR: Where'd My Gadgets Go?, IEEE S&P 2012 (optional).
- Binary Stirring: Self-randomizing Instruction Addresses of Legacy
x86 Binary Code, ACM CCS 2012 (optional).
- Gadge Me If You Can: Secure and Efficient Ad-hoc Instruction-Level
Randomization for x86 and ARM, ACM ASIACCS 2013 (optional).
- SoK: Automated Software Diversity, IEEE S&P 2014 (optional).
- Isomeron: Code Randomization Resilient to (Just-In-Time)
Return-Oriented Programming, NDSS 2015 (optional).
- Opaque Control-Flow Integrity, NDSS 2015 (optional).
- HideM: Protecting the Contents of Userspace Memory in the Face
of Disclosure Vulnerabilities, ACM CODASPY 2015 (optional).
- Leakage-Resilient Layout Randomization for Mobile Devices, NDSS 2016. (optional)
- No-Execute-After-Read: Preventing Code Disclosure in Commodity
Software, ACM ASIACCS 2016 (optional).
- Juggling the Gadgets: Binary-level Code Randomization using
Instruction Displacement, ACM ASIACCS 2016 (optional).
- NORAX: Enabling Execute-Only Memory for COTS Binaries on AArch64, IEEE S&P 2017 (optional).
- Defeating Zombie Gadgets by Re-randomizing Code upon Disclosure, ESSoS 2017 (optional).
- Protecting COTS Binaries from Disclosure-guided Code Reuse Attacks, ACSAC 2017 (optional).
- A Framework for Software Diversification with ISA Heterogeneity, RAID 2020 (optional).
- Methodologies for Quantifying (Re-)randomization Security and Timing
under JIT-ROP, ACM CCS 2020 (optional).
- Practical Fine-Grained Binary Code Randomization, ACSAC 2020 (optional).
- R2C: AOCR-Resilient Diversity with Reactive and Reflective Camouflage, EuroSys 2023 (optional).
|
02/26/2024 |
0x4 |
Control-Flow Integrity (cont'd) |
- Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained
Control-Flow Integrity Protection, USENIX SEC 2014.
- Control-Flow Bending: On the Effectiveness of Control-Flow Integrity, USENIX SEC 2015.
- The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later, ACM CCS 2017.
- CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections
for Modern Software, USENIX SEC 2019.
- Out of Control: Overcoming Control-Flow Integrity, IEEE S&P 2014 (additional).
- Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity, ACM CCS 2015 (additional).
- On the Effectiveness of Type-based Control Flow Integrity, ACSAC 2018 (additional).
- ROP is Still Dangerous: Breaking Modern Defenses, USENIX SEC 2014 (optional).
- Size Does Matter: Why Using Gadget-Chain Length to Prevent
Code-Reuse Attacks is Hard, USENIX SEC 2014 (optional).
- Losing Control: On the Effectiveness of Control-Flow Integrity under
Stack Attacks, ACM CCS 2015 (optional).
|
02/19/2024 |
NUL |
Presidents' Day |
- No class
- Counterfeit Object-oriented Programming: On the Difficulty of Preventing
Code Reuse Attacks in C++ Applications, IEEE S&P 2015 (optional).
- Type Casting Verification: Stopping an Emerging Attack Vector, USENIX SEC 2015 (optional).
- It's a TRaP: Table Randomization and Protection against
Function-Reuse Attacks, ACM CCS 2015 (optional).
- CFIXX: Object Type Integrity for C++ Virtual Dispatch, NDSS 2016 (optional).
- VTrust: Regaining Trust on Virtual Calls, NDSS 2016 (optional).
- A Tough call: Mitigating Advanced Code-Reuse Attacks at the Binary Level, IEEE S&P 2016 (optional).
- TypeSan: Practical Type Confusion Detection, ACM CCS 2016 (optional).
- VTPin: Practical VTable Hijacking Protection for Binaries, ACSAC 2016 (optional).
- Control-Flow Integrity: Precision, Security, and Performance, ACM CSUR 2017 (optional).
- MARX: Uncovering Class Hierarchies in C++ Programs, NDSS 2017 (optional).
- HexType: Efficient Detection of Type Confusion Errors for C++, ACM CCS 2017 (optional).
|
02/12/2024 |
0x3 |
Control-Flow Integrity |
- Control-Flow Integrity, ACM CCS 2005.
- Control Flow Integrity for COTS Binaries, USENIX SEC 2013.
- Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM, USENIX SEC 2015.
- Practical Context-Sensitive CFI, ACM CCS 2015.
- Where Does It Go?: Refining Indirect-Call Targets with Multi-Layer Type Analysis, ACM CCS 2019.
- Per-Input Control-Flow Integrity, ACM CCS 2015 (additional).
- Venerable Variadic Vulnerabilities Vanquished, USENIX SEC 2017 (additional).
- Enforcing Unique Code Target Property for Control-Flow Integrity, ACM CCS 2018 (additional).
- FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking, RAID 2023 (additional).
- Practical Control Flow Integrity and Randomization for Binary Executables, IEEE S&P 2013 (optional).
- Monitor Integrity Protection with Space Efficiency and Separate Compilation, ACM CCS 2013 (optional).
- GRIFFIN: Guarding Control Flows Using Intel Processor Trace, ACM ASPLOS 2017 (optional).
- Efficient Protection of Path-Sensitive Control Security, USENIX SEC 2017 (optional).
- Object Flow Integrity, ACM CCS 2017 (optional).
- Binary Control-Flow Trimming , ACM CCS 2019 (optional).
- Let’s talk about CFI: clang edition | Microsoft Edition, Trail of Bits (optional).
|
02/05/2024 |
0x2 |
Kernel Security |
|
01/29/2024 |
0x1 |
Introduction | Basic Concepts |
|