02/24/2025 | 0x4 | Control-Flow Integrity (cont'd)
- Stitching the Gadgets: On the Ineffectiveness of Coarse-Grained Control-Flow Integrity Protection, USENIX SEC 2014.
- Control-Flow Bending: On the Effectiveness of Control-Flow Integrity, USENIX SEC 2015.
- The Dynamics of Innocent Flesh on the Bone: Code Reuse Ten Years Later, ACM CCS 2017.
- CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software, USENIX SEC 2019.
- Out of Control: Overcoming Control-Flow Integrity, IEEE S&P 2014 (additional).
- Control Jujutsu: On the Weaknesses of Fine-Grained Control Flow Integrity, ACM CCS 2015 (additional).
- On the Effectiveness of Type-based Control Flow Integrity, ACSAC 2018 (additional).
- SoK: On the Effectiveness of Control-Flow Integrity in Practice, USENIX WOOT 2024 (additional).
- ROP is Still Dangerous: Breaking Modern Defenses, USENIX SEC 2014 (optional).
- Size Does Matter: Why Using Gadget-Chain Length to Prevent Code-Reuse Attacks is Hard, USENIX SEC 2014 (optional).
- Losing Control: On the Effectiveness of Control-Flow Integrity under Stack Attacks, ACM CCS 2015 (optional).
- WarpAttack: Bypassing CFI through Compiler-Introduced Double-Fetches, IEEE S&P 2023 (optional).

02/17/2025 | NUL | Presidents' Day
- No class
- Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications, IEEE S&P 2015 (optional).
- Type Casting Verification: Stopping an Emerging Attack Vector, USENIX SEC 2015 (optional).
- It's a TRaP: Table Randomization and Protection against Function-Reuse Attacks, ACM CCS 2015 (optional).
- CFIXX: Object Type Integrity for C++ Virtual Dispatch, NDSS 2016 (optional).
- VTrust: Regaining Trust on Virtual Calls, NDSS 2016 (optional).
- A Tough Call: Mitigating Advanced Code-Reuse Attacks at the Binary Level, IEEE S&P 2016 (optional).
- TypeSan: Practical Type Confusion Detection, ACM CCS 2016 (optional).
- VTPin: Practical VTable Hijacking Protection for Binaries, ACSAC 2016 (optional).
- Control-Flow Integrity: Precision, Security, and Performance, ACM CSUR 2017 (optional).
- MARX: Uncovering Class Hierarchies in C++ Programs, NDSS 2017 (optional).
- HexType: Efficient Detection of Type Confusion Errors for C++, ACM CCS 2017 (optional).
- Origin-sensitive Control Flow Integrity, USENIX SEC 2019 (optional).
- Sherloc: Secure and Holistic Control-Flow Violation Detection on Embedded Systems, ACM CCS 2023 (optional).

02/10/2025 | 0x3 | Control-Flow Integrity
- Control-Flow Integrity, ACM CCS 2005.
- Control Flow Integrity for COTS Binaries, USENIX SEC 2013.
- Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM, USENIX SEC 2015.
- Where Does It Go?: Refining Indirect-Call Targets with Multi-Layer Type Analysis, ACM CCS 2019.
- FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking, RAID 2023.
- Practical Context-Sensitive CFI, ACM CCS 2015 (additional).
- Per-Input Control-Flow Integrity, ACM CCS 2015 (additional).
- Venerable Variadic Vulnerabilities Vanquished, USENIX SEC 2017 (additional).
- Enforcing Unique Code Target Property for Control-Flow Integrity, ACM CCS 2018 (additional).
- DEEPTYPE: Refining Indirect Call Targets with Strong Multi-layer Type Analysis, USENIX SEC 2024 (additional).
- Practical Control Flow Integrity and Randomization for Binary Executables, IEEE S&P 2013 (optional).
- Monitor Integrity Protection with Space Efficiency and Separate Compilation, ACM CCS 2013 (optional).
- GRIFFIN: Guarding Control Flows Using Intel Processor Trace, ACM ASPLOS 2017 (optional).
- Efficient Protection of Path-Sensitive Control Security, USENIX SEC 2017 (optional).
- Object Flow Integrity, ACM CCS 2017 (optional).
- Binary Control-Flow Trimming, ACM CCS 2019 (optional).
- Refining Indirect Call Targets at the Binary Level, NDSS 2021 (optional).
- Let's talk about CFI: clang edition / Microsoft Edition, Trail of Bits blog posts (optional).

02/03/2025 | 0x2 | Kernel Security
- kGuard: Lightweight Kernel Protection against Return-to-user Attacks, USENIX SEC 2012.
- ret2dir: Rethinking Kernel Isolation, USENIX SEC 2014.
- kR^X: Comprehensive Kernel Protection against Just-In-Time Code Reuse, EuroSys 2017.
- Practical Timing Side Channel Attacks against Kernel Space ASLR, IEEE S&P 2013 (additional).
- PT-Rand: Practical Mitigation of Data-only Attacks against Page Tables, NDSS 2017 (additional).
- DirtyCred: Escalating Privilege in Linux Kernel, ACM CCS 2022 (additional).
- A Tale of Two Kernels: Towards Ending Kernel Hardening Wars with Split Kernel, ACM CCS 2014 (optional).
- Nested Kernel: An Operating System Architecture for Intra-Kernel Privilege Separation, ACM ASPLOS 2016 (optional).
- Jump over ASLR: Attacking Branch Predictors to Bypass ASLR, IEEE MICRO 2016 (optional).
- RetSpill: Igniting User-Controlled Data to Burn Away Linux Kernel Protections, ACM CCS 2023 (optional).

01/27/2025 | 0x1 | Introduction; Basic Concepts
- No assigned readings