grsecurity/PaX Citations in Academic Research

562 references from 2001 - 2020

  1. Protecting the core: Kernel exploitation mitigations, 2011
  2. Advanced Linux Security, 2013
  3. Gran: model checking grsecurity RBAC policies, 2012
  4. Granalyze: towards the automatic verification of Grsecurity RBAC policies, 2014
  5. Microsoft Research - RandSys: Thwarting Code Injection Attacks with System Service Interface Randomization, 2007
  6. Microsoft Research - Data Randomization, 2008
  7. Microsoft Research - Control-flow integrity, 2005
  8. StackGhost: Hardware Facilitated Stack Protection, 2001
  9. A Decade of Linux Kernel Vulnerabilities, their Mitigation and Open Problems, 2018
  10. Who Watches the Watchmen: A Security-focused Review on Current State-of-the-art Techniques, Tools, and Methods for Systems and Binary Analysis on Modern Platforms, 2018
  11. SpecFuzz: Bringing Spectre-type vulnerabilities to the surface, 2019
  12. Secure program execution via dynamic information flow tracking, 2006
  13. Type-Assisted Dynamic Buffer Overflow Detection, 2002
  14. Address obfuscation: An efficient approach to combat a broad range of memory error exploits, 2003
  15. Protecting global and static variables from buffer overflow attacks without overhead, 2006
  16. Context Sensitive Anomaly Monitoring of Process Control Flow to Detect Mimicry Attacks and Impossible Paths, 2004
  17. A Methodology for Designing Countermeasures Against Current and Future Code Injection Attacks, 2005
  18. e-nexsh: Achieving an effectively non-executable stack and heap via system-call policing, 2005
  19. Stackguard: Simple smash stack protection for GCC, 2003
  20. Run-time detection of heap-based overflows, 2003
  21. Avoiding Buffer Overflows and Related Problems, 2004
  22. Server Protection through Dynamic Patching, 2005
  23. SELinux and grsecurity: A Side-by-Size Comparison of Mandatory Access Control and Access Control List Implementations, 2003
  24. SELinux and grsecurity: A Case Study Comparing Linux Security Kernel Enhancements, 2003
  25. RSBAC-a framework for enhanced Linux system security, 2005
  26. Secure computing: SELinux, 2007
  27. Attacking Signed Binaries, 2005
  28. Distributed control enabling consistent MAC policies and IDS based on a meta-policy approach, 2006
  29. Formalisation et garantie de propriétés de sécurité système: application à la détection d'intrusions, 2007
  30. Securing a Linux-based Multi-User Web Server, 2006
  31. Exploiting 802.11 Wireless Driver Vulnerabilities on Windows, 2006
  32. Détection D'intrusion Orientée Méta-Politique, 2005
  33. Abstract Efficient Techniques for Comprehensive Protection from Memory Error Exploits, 2005
  34. Predicting Security Vulnerabilities from Function Calls, 2007
  35. ARMORY: An auxiliary testing tool for automatic buffer overflow vulnerability detection, 2008
  36. Next generation debuggers for reverse engineering, 2007
  37. Centralized security policy support for virtual machine, 2006
  38. Secure remote management and software distribution for wireless mesh networks, 2007
  39. Attack-Redirector: A Server Protection and Honeypot Bait System, 2008
  40. A novel approach for distributed updates of MAC policies using a meta-protection framework, 2004
  41. A Linux Implementation of Temporal Access Controls, 2007
  42. FormatShield: A Binary Rewriting Defense against Format String Attacks, 2008
  43. Playing with ptrace() for fun and profit, 2006
  44. Increasing Information Security with Mandatory Access Controls in the Operating System, 2006
  45. Address Space Layout Permutation: Increasing Resistance to Memory Corruption Attacks, 2005
  46. Automatic Synthesis of Filters to Discard Buffer Overflow Attacks: A Step Towards Realizing Self-Healing Systems, 2005
  47. On the effectiveness of address-space randomization, 2004
  48. Collaboration between MAC Policies and IDS based on a Meta-Policy approach, 2006
  49. An Architectural Approach to Preventing Code Injection Attacks, 2007
  50. Alternative Xbox copy protection designs, 2005
  51. Software Security through Targeted Diversification, 2007
  52. Code Injection Attacks on Harvard-Architecture Devices, 2008
  53. When good instructions go bad: generalizing return-oriented programming to RISC, 2008
  54. Covert Debugging Circumventing Software Armoring Techniques, 2007
  55. Buffer Overflow Vulnerabilities: Exploits and Defensive Techniques, 2004
  56. Multi-variant Program Execution: Using Multi-core Systems to Defuse Buffer-Overflow Vulnerabilities, 2008
  57. The FOREVER service for fault/intrusion removal, 2008
  58. Detection and Subversion of Virtual Machines, 2006
  59. Persistence in dynamic code transformation systems, 2005
  60. Panel: The Future of Biologically-Inspired Security: Is There Anything Left to Learn?, 2007
  61. Improved Network Security and Disguising TCP/IP Fingerprint through Dynamic Stack Modification, 2005
  62. Corruption de la Memoire lors de l'Exploitation, 2006
  63. Defeating memory corruption attacks via pointer taintedness detection, 2005
  64. Immunology, diversity, and homeostasis: The past and future of biologically inspired computer defenses, 2007
  65. Insecure Context Switching: Inoculating regular expressions for survivability, 2008
  66. Ensuring secure program execution in multiprocessor embedded systems: a case study, 2007
  67. Defeating Compiler-Level Buffer Overflow Protection, 2006
  68. Reverse Stack Execution, 2007
  69. Secure and practical defense against code-injection attacks using software dynamic translation, 2006
  70. Omniunpack: Fast, generic, and safe unpacking of malware, 2007
  71. Prevention of code-injection attacks by encrypting system call arguments, 2006
  72. Non-control-data attacks are realistic threats, 2005
  73. Combating Memory Corruption Attacks On Scada Devices, 2008
  74. Address-space randomization for Windows systems, 2006
  75. DieHard: Probabilistic memory safety for unsafe languages, 2006
  76. Secure Bit: Transparent, Hardware Buffer-Overflow Protection, 2006
  77. Improving address space randomization with a dynamic offset randomization technique, 2006
  78. x86-64 buffer overflow exploits and the borrowed code chunks exploitation technique, 2005
  79. Known/chosen key attacks against software instruction set randomization, 2006
  80. A Survey of Randomization Techniques Against Common Mode Attacks, 2005
  81. An immune system inspired approach for protection from repetitive attacks, 2005
  82. Efficient protection against heap-based buffer overflows without resorting to magic, 2006
  83. Resilient Intrusion Tolerance through Proactive and Reactive Recovery, 2007
  84. Virtual machine-provided context sensitive page mappings, 2008
  85. Persistent code caching: Exploiting code reuse across executions and applications, 2007
  86. The geometry of innocent flesh on the bone: Return-into-libc without function calls (on the x86), 2007
  87. ARCHERR: Runtime environment driven program safety, 2004
  88. Foreign Code Detection on the Windows/X86 Platform, 2006
  89. Where's the FEEB?: The effectiveness of instruction set randomization, 2005
  90. Efficient techniques for comprehensive protection from memory error exploits, 2005
  91. Exterminator: Automatically correcting memory errors with high probability, 2007
  92. Automatic diagnosis and response to memory corruption vulnerabilities, 2005
  93. Data space randomization, 2008
  94. The Evolution of System-Call Monitoring, 2008
  95. MemSherlock: an automated debugger for unknown memory corruption vulnerabilities, 2007
  96. DIRA: Automatic Detection, Identification, and Repair of Control-Hijacking Attacks, 2004
  97. A practical mimicry attack against powerful system-call monitors, 2008
  98. SigFree: A Signature-free Buffer Overflow Attack Blocker, 2006
  99. Kernel Support for Redundant Execution on Multiprocessor Systems, 2007
  100. Kernel Support for Deterministic Redundant Execution of Shared Memory Workloads on Multiprocessor Systems, 2007
  101. Real-world buffer overflow protection for userspace & kernelspace, 2008
  102. ASLR Smack & Laugh Reference: Seminar on Advanced Exploitation Techniques, 2008
  103. Comprehensively and efficiently protecting the heap, 2006
  104. Hardened OS exploitation techniques, 2004
  105. A Security Architecture for Microprocessors, 2003
  106. Hypervisor support for identifying covertly executing binaries, 2008
  107. Using instruction block signatures to counter code injection attacks, 2005
  108. Automatic generation of buffer overflow attack signatures: An approach based on program behavior models, 2005
  109. Address space layout permutation (ASLP): Towards fine-grained randomization of commodity software, 2006
  110. Bezoar: Automated Virtual Machine-based Full-System Recovery from Control-Flow Hijacking Attacks, 2007
  111. Deploying dynamic code transformation in modern computing environments, 2006
  112. Binary rewriting and call interception for efficient runtime protection against buffer overflows, 2006
  113. Control-flow integrity: Principles, implementations, and applications, 2005
  114. Randomized instruction set emulation, 2005
  115. Implementation vulnerabilities and detection, 2007
  116. Proactive Obfuscation, 2009
  117. Orchestra: Intrusion Detection Using Parallel Execution and Monitoring of Program Variants in User-Space, 2009
  118. An Integrated Framework for Dependable and Revivable Architectures Using Multicore Processors, 2006
  119. Paladin: Helping Programs Help Themselves with System Call Interposition, 2009
  120. Automatic Generation of Control Flow Hijacking Exploits for Software Vulnerabilities, 2009
  121. Classification of Malicious Distributed SELinux Activities, 2009
  122. Polymorphing Software By Randomizing Data Structure Layout, 2009
  123. Yataglass: Network-Level Code Emulation for Analyzing Memory-Scanning Attacks, 2009
  124. Finding the Bad in Good Code: Automated Return-Oriented Programming Exploit Discovery, 2009
  125. Experimental Validation of Architectural Solutions, 2009
  126. Multi-Variant Execution: Run-Time Defense against Malicious Code Injection Attacks, 2009
  127. Breaking the memory secrecy assumption, 2009
  128. Security by Design, 2009
  129. The Impact of Linux Superuser Privileges on System and Data Security within a Cloud Computing Storage Architecture, 2009
  130. Return-oriented rootkits: Bypassing kernel code integrity protection mechanisms, 2009
  131. Specification and evaluation of polymorphic shellcode properties using a new temporal logic, 2009
  132. Yataglass: Network-level Code Emulation for Analyzing Memory-scanning Attacks, 2009
  133. Protecting Xen hypercalls, 2009
  134. The Impact of Linux Superuser Privileges on System and Data Security Within a Cloud Computing Storage Architecture, 2009
  135. An Examination of the Generic Memory Corruption Exploit Prevention Mechanisms on Apple's Leopard Operating System, 2009
  136. A System Call Randomization Based Method for Countering Code-Injection Attacks, 2009
  137. Surgically returning to randomized lib (c), 2009
  138. Architecture Support for Operating System Survivability and Efficient Bulk Memory Copying and Initialization, 2009
  139. Leveraging Parallel Hardware to Detect, Quarantine, and Repair Malicious Code Injection, 2010
  140. Malicious Shellcode Detection with Virtual Memory Snapshots, 2010
  141. Program Differentiation, 2010
  142. A Comprehensive Analysis of MAC Enhancements for Leveraging Distributed MAC, 2008
  143. Intrusion detection for resource-constrained embedded control systems in the power grid, 2012
  144. Development of an Effective Runtime Defense Algorithm for Web Application Security, 2012
  145. RGBDroid: a novel response-based approach to android privilege escalation attacks, 2012
  146. Stack Layout Transformation: Towards Diversity for Securing Binary Programs, 2012
  147. Effects of Memory Randomization, Sanitization and Page Cache on Memory Deduplication, 2012
  148. A Dynamic Detective Method against ROP Attack on ARM Platform, 2012
  149. Functionality-based application confinement: A parameterised and hierarchical approach to policy abstraction for rule-based application-oriented access controls, 2012
  150. STABILIZER: Statistically Sound Performance Evaluation, 2013
  151. Composable and reusable whole-system offline dynamic analysis, 2012
  152. Light-weight bounds checking, 2012
  153. Safe Loading A Foundation for Secure Execution of Untrusted Programs, 2012
  154. Body armor for binaries: preventing buffer overflows without recompilation, 2012
  155. Memento: Learning Secrets from Process Footprints, 2012
  156. An Empirical Study of Memory Sharing in Virtual Machines, 2012
  157. Automatic generation of policies and roles for role based access control [patent], 2011
  158. Secure sandboxing solution for GNU/Linux, 2011
  159. Attack Surface Reduction For Commodity OS Kernels, 2011
  160. A Comparison of Secure Multi-Tenancy Architectures for Filesystem Storage Clouds, 2011
  161. Lightweight intrusion detection for resource-constrained embedded control systems, 2011
  162. Identifying native applications with high assurance, 2011
  163. Enforcing kernel constraints by hardware-assisted virtualization, 2011
  164. An Information Flow Approach for Preventing Race Conditions: Dynamic Protection of the Linux OS, 2011
  165. Autoscopy Jr.: Intrusion Detection for Embedded Control Systems, 2011
  166. PIGA-HIPS: Protection of a shared HPC cluster, 2011
  167. Practical Data-Leak Prevention for Legacy Applications in Enterprise Networks, 2011
  168. Runtime Attacks: Buffer Overflow and Return-Oriented Programming, 2011
  169. RIPE: runtime intrusion prevention evaluator, 2011
  170. Efficient detection of the return-oriented programming malicious code, 2011
  171. Knowledge Base Model for the Linux Kernel, 2011
  172. Launching Return-Oriented Programming Attacks against Randomized Relocatable Executables, 2011
  173. Address space randomization for mobile devices, 2011
  174. Q: Exploit Hardening Made Easy, 2011
  175. Jump-oriented programming: A new class of code-reuse attack, 2011
  176. Exploiting the Hard-Working DWARF: Trojan and Exploit Techniques Without Native Executable Code, 2011
  177. Privilege escalation attacks on Android, 2011
  178. Revisiting address space randomization, 2011
  179. In-Execution Dynamic Malware Analysis and Detection by Mining Information in Process Control Blocks of Linux OS, 2011
  180. Securing The Kernel via Static Binary Rewriting and Program Shepherding, 2011
  181. Effectiveness of Moving Target Defenses, 2011
  182. On the Expressiveness of Return-into-libc Attacks, 2011
  183. A Robust Kernel-Based Solution to Control-Hijacking Buffer Overflow Attacks, 2011
  184. ROPdefender: A detection tool to defend against return-oriented programming attacks, 2011
  185. Mitigating code-reuse attacks with control-flow locking, 2011
  186. Protecting against address space layout randomisation (ASLR) compromises and return-to-libc attacks using network intrusion detection systems, 2011
  187. Fine-grained user-space security through virtualization, 2011
  188. A study of self-propagating mal-packets in sensor networks: Attacks and defenses, 2011
  189. Cruiser: concurrent heap buffer overflow monitoring using lock-free data structures, 2011
  190. Faults in Linux: Ten years later, 2011
  191. Global ISR: Toward a Comprehensive Defense Against Unauthorized Code Execution, 2011
  192. DESERVE: A Framework for Detecting Program Security Vulnerability Exploitations, 2011
  193. Detecting polymorphic threats [patent], 2010
  194. Countering polymorphic malicious computer code through code optimization [patent], 2009
  195. Dynamic out-of-process software components isolation for trustworthiness execution [patent], 2009
  196. Opening computer files quickly and safely over a network [patent], 2009
  197. Secure execution of a computer program [patent], 2009
  198. Method of address space layout randomization for windows operating systems [patent], 2010
  199. System and method for monitoring interactions between application programs and data stores [patent], 2010
  200. Secure execution of a computer program using a code cache [patent], 2009
  201. Peeping tom in the neighborhood: keystroke eavesdropping on multi-user systems, 2009
  202. Security through diversity: Leveraging virtual machine technology, 2009
  203. Protecting a computer coupled to a network from malicious code infections [patent], 2008
  204. Evaluation of Linux Security Frameworks, 2010
  205. Security in Web Applications and the Implementing of a Ticket Handling System, 2014
  206. Quantifiable Run-time Kernel Attack Surface Reduction, 2013
  207. FIREAXE: The DHS Secure Design Competition Pilot, 2012
  208. Vulnerability Discovery with Attack Injection Software, 2013
  209. ELFbac: Using the Loader Format for Intent-Level Semantics and Fine-Grained Protection, 2013
  210. LGadget: ROP Exploit based on Long Instruction Sequences, 2013
  211. Protecting Function Pointers in Binary, 2013
  212. Attack Surface Metrics and Automated Compile-Time OS Kernel Tailoring, 2013
  213. Towards Formal Verification of Liferay RBAC, 2013
  214. Buffer Overflow Attack Blocking Using MCAIDS - Machine Code Analysis Intrusion Detection System, 2013
  215. Layout Randomization and Nondeterminism, 2014
  216. Booby Trapping Software, 2013
  217. Applications of Cybernetics and Control Theory for a New Paradigm in Cybersecurity, 2013
  218. SAFEDISPATCH: Securing C++ Virtual Calls from Memory Corruption Attacks, 2014
  219. Analyzing the Security of Windows 7 and Linux for Cloud Computing, 2012
  220. Run-time Control Flow Authentication: An Assessment on Contemporary X86 Platforms, 2013
  221. Deadbolt: Locking Down Android Disk Encryption, 2013
  222. A Formal Model and Correctness Proof for an Access Control Policy Framework, 2013
  223. High Assurance Models for Secure Systems, 2013
  224. Operating System Security by Integrity Checking and Recovery Using Write-protected Storage, 2013
  225. Malicious Code Execution Prevention through Function Pointer Protection, 2013
  226. An Approach to Stack Overflow Counter-measures Using Kernel Properties, 2013
  227. Marlin: A fine grained randomization approach to defend against ROP attacks, 2013
  228. Defending against heap overflow by using randomization in nested virtual clusters, 2013
  229. ModuleGuard: A Gatekeeper for Dynamic Module Loading Against Malware, 2013
  230. SecGOT: Secure Global Offset Tables in ELF Executables, 2013
  231. iProbe: A lightweight user-level dynamic instrumentation tool, 2013
  232. On Layout Randomization for Arrays and Functions, 2013
  233. JSGuard: Shellcode Detection in JavaScript, 2012
  234. Profile-guided Automated Software Diversity, 2013
  235. HeapSentry: Kernel-assisted Protection against Heap Overflows, 2013
  236. Gadge Me If You Can, 2013
  237. Systematic Analysis of Defenses Against Return-Oriented Programming, 2013
  238. Practical Control Flow Integrity & Randomization for Binary Executables, 2013
  239. SoK: Eternal War in Memory, 2013
  240. Practical Timing Side Channel Attacks Against Kernel Space ASLR, 2013
  241. ASIST: Architectural Support for Instruction Set Randomization, 2013
  242. A Systematic Analysis of Defenses Against Code Reuse Attacks, 2013
  243. SafeStack: Automatically Patching Stack-based Buffer Overflow Vulnerabilities, 2013
  244. SCRAP: Architecture for Signature-Based Protection from Code Reuse Attacks, 2013
  245. CPM: Masking Code Pointers to Prevent Code Injection Attacks, 2013
  246. FrankenSSL: Recombining Cryptographic Libraries to Create Software Variants, 2016
  247. Counter-Measures against Stack Buffer Overflows in GNU/Linux Operating Systems, 2016
  248. Intrusion Prevention and Detection in Grid Computing-The ALICE Case, 2015
  249. Firmwall: Protecting hard disk firmware, 2014
  250. Sandboxing in Linux: From Smartphone to Cloud, 2016
  251. Libra: An Adaptive Method for Protecting Memory from Arbitrary Overwrite, 2016
  252. Reins to the Cloud: Compromising Cloud Systems via the Data Plane, 2016
  253. From chroot over containers to Docker, 2016
  254. Security Analysis of Linux Kernel Features for Embedded Software Systems in Vehicles, 2015
  255. Towards Access Control for Isolated Applications, 2016
  256. Apate Interpreter-A Kernel Hook Rule Engine, 2015
  257. Kernel Based Process Level Authentication Framework for Secure Computing and High Level System Assurance, 2014
  258. Hypervisor-vs. Container-based Virtualization, 2016
  259. Pitfalls of virtual machine introspection on modern hardware, 2014
  260. A Cyber Attack-Resilient Server Using Hybrid Virtualization, 2016
  261. Process Table Covert Channels: Exploitation and Countermeasures, 2016
  262. Secure Authentication: Eliminating Possible Backdoors in Client-Server Endorsement, 2016
  263. Writing parsers like it is 2017, 2017
  264. A visitation of sysdig, 2014
  265. Dynamic reconstruction of relocation information for stripped binaries, 2014
  266. Mitigation of Virtunoid Attacks on Cloud Computing Systems, 2015
  267. Bridging the detection gap: a study on a behavior-based approach using malware techniques, 2014
  268. Android patching from a mobile device management perspective, 2014
  269. Security by design, 2016
  270. Address-Oblivious Code Reuse: On the Effectiveness of Leakage-Resilient Diversity, 2017
  271. Virtual Machine Introspection with Xen on ARM, 2015
  272. A Tour Beyond BIOS-Security Enhancement to Mitigate Buffer Overflow in UEFI, 2016
  273. SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities, 2017
  274. Defeating ROP Through Dynamically Encrypted Return Addresses, 2014
  275. HARES: Hardened anti-reverse engineering system, 2015
  276. Apate-A Linux Kernel Module for High Interaction Honeypots, 2015
  277. Process authentication for high system assurance, 2014
  278. Breaking Active-Set Backward-Edge Control-Flow Integrity, 2017
  279. NFV: Security Threats and Best Practices, 2017
  280. Protecting Commodity Operating Systems through Strong Kernel Isolation, 2015
  281. Interrupt-oriented Bugdoor Programming: A minimalist approach to bugdooring embedded systems firmware, 2014
  282. Data Is Flowing in the Wind: A Review of Data-Flow Integrity Methods to Overcome Non-Control-Data Attacks, 2016
  283. Security analysis of mobile two-factor authentication schemes, 2014
  284. Advancing Future Network Science through Content Understanding, 2014
  285. Detecting Stack Layout Corruptions with Robust Stack Unwinding, 2016
  286. How the ELF Ruined Christmas, 2015
  287. Own Your Android! Yet Another Universal Root, 2015
  288. Resilient and trustworthy dynamic data-driven application systems (DDDAS) services for crisis management environments, 2015
  289. Measuring the Impact of Spectre and Meltdown, 2018
  290. Anomaly Detection for RBAC Systems in UNIX/Linux Environment with User Behavior, 2018
  291. On the Effectiveness of Type-based Control Flow Integrity, 2018
  292. Taking Control of SDN-based Cloud Systems via the Data Plane, 2018
  293. SoK: Make JIT-Spray Great Again, 2018
  294. Towards Linux Kernel Memory Safety, 2018
  295. On the Effectiveness of Control-Flow Integrity Against Modern Attack Techniques, 2019
  296. Categorizing container escape methodologies in multi-tenant environments, 2018
  297. Component-oriented access control - Application servers meet tuple spaces for the masses, 2018
  298. FUZE: Towards Facilitating Exploit Generation for Kernel Use-After-Free Vulnerabilities, 2018
  299. Mitigating Data Leakage by Protecting Memory-resident Sensitive Data, 2019
  300. A Mathematical Modeling of Exploitations and Mitigation Techniques Using Set Theory, 2018
  301. Control-Flow Integrity for the Linux kernel: A Security Evaluation, 2019
  302. Control-Flow Integrity: Attacks and Protections, 2019
  303. IskiOS: Lightweight Defense Against Kernel-Level Code-Reuse Attacks, 2019
  304. Fine-Grained Control-Flow Integrity Based on Points-to Analysis for CPS, 2018
  305. Examining the Network & Security Infrastructure of Skype Mobile Application, 2018
  306. Efficient security analysis of Administrative Access Control Policies, 2018
  307. Exploiting stack-based buffer overflow using modern day techniques, 2019
  308. Address space layout randomization next generation, 2019
  309. Evaluating Approaches for Detecting and Eliminating Memory Safety Errors in Linux Kernel Programming, 2019
  310. Hiding in the Shadows: Empowering ARM for Stealthy Virtual Machine Introspection, 2018
  311. Pex: A Permission check analysis framework for linux kernel, 2019
  312. Categorizing and predicting invalid vulnerabilities on common vulnerabilities and exposures, 2018
  313. A tool to compute approximation matching between windows processes, 2018
  314. Detecting Kernel Memory Disclosure with x86 Emulation and Taint Tracking, 2018
  315. Dissecting QNX, 2018
  316. Industrial experiences with resource management under software randomization in ARIN653 avionics environments, 2018
  317. Diversity and information leaks, 2018
  318. Towards the Hypervision of Hardware-based Control Flow Integrity for Arm Platforms, 2019
  319. A binary-compatible unikernel, 2019
  320. A binary analysis approach to retrofit security in input parsing routines, 2018
  321. {KEPLER}: Facilitating Control-flow Hijacking Primitive Evaluation for Linux Kernel Vulnerabilities, 2019
  322. SlimGuard: Design and Implementation of a Memory Efficient and Secure Heap Allocator, 2020
  323. Code-Pointer Integrity, 2014
  324. Leakage is prohibited: memory protection extensions protected address space randomization, 2019
  325. KALD: Detecting Direct Pointer Disclosure Vulnerabilities, 2019
  326. Hardware control flow integrity, 2018
  327. Checked C: Making C safe by extension, 2018
  328. Security and Performance Analysis of Custom Memory Allocators, 2019
  329. ROPMate: Visually Assisting the Creation of ROP-based Exploits, 2018
  330. Cloud Platform for the Deployment of Online Data Analytics Application Oriented Services, 2018
  331. Sleak: automating address space layout derandomization, 2019
  332. Verifying Data-Oriented Gadgets in Binary Programs to Build Data-Only Exploits, 2018
  333. OS-level Attacks and Defenses: from Software to Hardware-based Exploits, 2019
  334. Arhuaco: Deep Learning and Isolation Based Security for Distributed High-Throughput Computing, 2019
  335. Achieving safety incrementally with checked c, 2019
  336. Technical Report: A Toolkit for Runtime Detection of Userspace Implants, 2019
  337. Designing Practical Software Bug Detectors Using Commodity Hardware and Common Programming Patterns, 2020
  338. Operating Systems & Virtualisation Security, 2019
  339. The ROP needle: hiding trigger-based injection vectors via code reuse, 2019
  340. KASLR-MT: Kernel Address Space Layout Randomization for Multi-Tenant cloud systems, 2020
  341. Automatic Exploitation of Fully Randomized Executables, 2019
  342. Idols with Feet of Clay: On the Security of Bootloaders and Firmware Updaters for the IoT, 2019
  343. Integrity verification of Docker containers for a lightweight cloud environment, 2019
  344. Nibbler: debloating binary shared libraries, 2019
  345. Is Less Really More? Why Reducing Code Reuse Gadget Counts via Software Debloating Doesn't Necessarily Lead to Better Security, 2019
  346. Block oriented programming: Automating data-only attacks, 2018
  347. Container-IMA: A privacy-preserving Integrity Measurement Architecture for Containers, 2019
  348. Automated vulnerability detection system based on commit messages, 2019
  349. SGXJail: Defeating Enclave Malware via Confinement, 2019
  350. Shredder: Breaking exploits through API specialization, 2018
  351. DR. SGX: automated and adjustable side-channel protection for SGX using data location randomization, 2019
  352. gExtractor: Towards Automated Extraction of Malware Deception Parameters, 2018
  353. Emerging Trends, Techniques and Open Issues of Containerization: A Review, 2019
  354. Testbed Design For Evaluation Of Active Cyber Defense Systems, 2018
  355. Vulnerability-tolerant secure architectures, 2018
  356. Enforcing unique code target property for control-flow integrity, 2018
  357. Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets, 2018
  358. ARM Pointer Authentication based Forward-Edge and Backward-Edge Control Flow Integrity for Kernels, 2019
  359. Binary debloating for security via demand driven loading, 2019
  360. Multi-variant execution environments, 2018
  361. Slicedup: A Tenant-Aware Memory Deduplication for Cloud Computing, 2018
  362. Silhouette: Efficient Intra-Address Space Isolation for Protected Shadow Stacks on Embedded Systems, 2019
  363. {ACES}: Automatic Compartments for Embedded Systems, 2018
  364. STEROIDS for DOPed Applications: A Compiler for Automated Data-Oriented Programming, 2019
  365. TF-BIV: transparent and fine-grained binary integrity verification in the cloud, 2019
  366. FIXER: Flow Integrity Extensions for Embedded RISC-V, 2019
  367. SADAN: Scalable Adversary Detection in Autonomous Networks, 2019
  368. Opportunistic Diversity-Based Detection of Injection Attacks in Web Applications, 2018
  369. Hardware-assisted memory safety, 2020
  370. {DEEPVSA}: Facilitating Value-set Analysis with Deep Learning for Postmortem Program Analysis, 2019
  371. A Survey of Research on Runtime Rerandomization Under Memory Disclosure, 2019
  372. From proof-of-concept to exploitable, 2019
  373. On the Effectiveness of Hardware Enforced Control Flow Integrity, 2018
  374. Exploiting Memory Corruption Vulnerabilities in Connman for IoT Devices, 2019
  375. From IP ID to Device ID and KASLR Bypass (Extended Version), 2019
  376. Investigation of x64 glibc heap exploitation techniques on Linux, 2019
  377. HW-CDI: Hard-Wired Control Data Integrity, 2019
  378. Evaluation of Register Number Abstraction for Enhanced Instruction Register Files, 2018
  379. Detecting and Surviving Intrusions: Exploring New Host-Based Intrusion Detection, Recovery, and Response Approaches, 2019
  380. Defeating denial-of-service attacks in a self-managing N-variant system, 2019
  381. Built-in Return Oriented Programs in Embedded Systems and Deep Learning for Hardware Trojan Detection, 2019
  382. BoundShield: Comprehensive Mitigation for Memory Disclosure Attacks via Secret Region Isolation, 2018
  383. Development and Evaluation of a Generic Framework for Sensor Data Acquisition, Aggregation and Propagation in HPC Systems, 2019
  384. Survey of randomization defenses on cloud computing, 2018
  385. Code-less patching for heap vulnerabilities using targeted calling context encoding, 2018
  386. HeapTherapy+: Efficient Handling of (Almost) All Heap Vulnerabilities Using Targeted Calling-Context Encoding, 2019
  387. iReplayer: in-situ and identail record-and-replay for multithreaded applications, 2018
  388. kMVX: Detecting Kernel Information Leaks with Multi-variant Execution, 2019
  389. To detect stack buffer overflow with polymorphic canaries, 2018
  390. DOPdefenderPlus: a data-oriented programming attack mitigation technique for complex software, 2019
  391. GMOD: a dynamic GPU memory overflow detector, 2018
  392. Position-independent code reuse: On the effectiveness of ASLR in the absence of information disclosure, 2018
  393. A tutorial on software obfuscation, 2018
  394. DRIVE: Dynamic Runtime Integrity Verification and Evaluation, 2018
  395. Identification and Exploitation of Vulnerabilities in a Large-Scale ITSystem, 2019
  396. On the Pitfalls and Vulnerabilities of Schedule Randomization against Schedule-Based Attacks, 2019
  397. SPECCFI: Mitigating Spectre Attacks using CFI Informed Speculation, 2019
  398. Extension Framework for file systems in user space, 2019
  399. Morpheus: A vulnerability-tolerant secure architecture based on ensembles of moving target defenses with churn, 2019
  400. Compiler-assisted code randomization, 2018
  401. Speculose: Analyzing the security implications of speculative execution in CPUs, 2018
  402. RVFUZZER: finding input validation bugs in robotic vehicles through control-guided testing, 2019
  403. Using Safety Properties to Generate Vulnerability Patches, 2019
  404. Record-replay architecture as a general security framework, 2018
  405. Fine-CFI: Fine-grained control flow integrity for operating system kernels, 2018
  406. Leveraging Processor Features for System Security, 2019
  407. Finding and Mitigating Memory Corruption Errors in Systems Software, 2018
  408. Mitigating Memory Randomization Weaknesses via Moving Target Defense, 2018
  409. Defeating Code-Reuse Attacks with Binary Instrumentation, 2018
  410. Kernel protection against just-in-time code reuse, 2019
  411. Efficient Anomalous Behavior Detection on ARM using the Debug Interface, 2018
  412. Making Code Re-randomization Practical with MARDU, 2019
  413. Security Applications of Static Program Analysis, 2018
  414. A Survey of various threats and current state of security in android platform, 2019
  415. Automated CFI Policy Assessment with Reckon, 2018
  416. REPICA: Rewriting Position Independent Code of ARM, 2018
  417. From hack to elaborate technique - a survey on binary rewriting, 2019
  418. Finding Focus in the Blur of Moving Target Techniques [abstract], 2013
  419. Diversity in Cloud Systems Through Runtime and Compile-time Relocation [abstract], 2013
  420. HyperCheck: A Hardware-Assisted Integrity Monitor [abstract], 2013
  421. A secure architecture design based on application isolation, code minimization and randomization [abstract], 2013
  422. Defending Return-oriented Programming Based on Virtualization Techniques [abstract], 2013
  423. Diversifying the Software Stack Using Randomized NOP Insertion [abstract], 2013
  424. JITSafe: A Framework Against Just-in-time Spraying Attacks [abstract], 2013
  425. Detecting Return Oriented Programming by Examining Positions of Saved Return Addresses [abstract], 2013
  426. Defense against Stack-Based Attacks Using Speculative Stack Layout Transformation [abstract], 2013
  427. Mandatory Access Control with a Multi-level Reference Monitor: PIGA-cluster [abstract], 2013
  428. Detecting Code Injection Attacks at TLB Miss [abstract], 2013
  429. Software Crash Analysis for Automatic Exploit Generation on Binary Programs [abstract], 2014
  430. Software Cruising: A New Technology for Building Concurrent Software Monitor [abstract], 2014
  431. Permanent protection of information systems with method of automated security and integrity control [abstract], 2010
  432. The dark side of the Internet: Attacks, costs and responses [abstract], 2011
  433. Implicit Buffer Overflow Protection Using Memory Segregation, 2011
  434. OverCovert: Using Stack-Overflow Software Vulnerability to Create a Covert Channel [abstract], 2011
  435. Automatic construction of jump-oriented programming shellcode (on the x86) [abstract], 2011
  436. Compiler-Generated Software Diversity, 2011
  437. Securing heap memory by data pointer encoding [abstract], 2011
  438. JITDefender: A Defense against JIT Spraying Attacks [abstract], 2011
  439. Spy vs. Spy: counter-intelligence methods for backtracking malicious intrusions [abstract], 2011
  440. Enhancing MAC Security Model with Meta-Policy approach using an Intelligent Anomaly based HIDS [abstract], 2011
  441. Attack surface reduction for commodity OS kernels: trimmed garden plants may attract less bugs [abstract], 2011
  442. Advanced MAC in HPC systems: performance improvement [abstract], 2012
  443. Surreptitious Deployment and Execution of Kernel Agents in Windows Guests [abstract], 2012
  444. Survey on malware evasion techniques: State of the art and challenges [abstract], 2012
  445. A New Data Randomization Method to Defend Buffer Overflow Attacks [abstract], 2012
  446. Directed Hidden-Code Extractor for Environment-Sensitive Malwares [abstract], 2012
  447. Improving Mandatory Access Control for HPC Clusters [abstract], 2012
  448. A Novel Approach Against the System Buffer Overflow [abstract], 2010
  449. Automated Software Vulnerability Analysis [abstract], 2009
  450. Probability Based Risk Analysis for a VoIP System [abstract], 2009
  451. A DLL Protection Mechanism with Larger Random Entropy for Windows Vista [abstract], 2009
  452. Dynamic integrity measurement and attestation: towards defense against return-oriented programming attacks [abstract], 2009
  453. Address-space layout randomization using code islands [abstract], 2009
  454. Security Systems Design and Analysis Using an Integrated Rule-Based Systems Approach [abstract], 2005
  455. AIFD: A Runtime Solution to Buffer Overflow Attack [abstract], 2007
  456. Hardware Stack Design: Toward an Effective Defence Against Frame Pointer Overwrite Attacks [abstract], 2006
  457. An Efficient Pointer Protection Scheme to Defend Buffer Overflow Attacks [abstract], 2005
  458. Design and Implementation of an Extended Reference Monitor for Trusted Operating Systems [abstract], 2006
  459. Enforcement of Integrated Security Policy in Trusted Operating Systems [abstract], 2007
  460. Application of an Online Judge & Contester System in Academic Tuition [abstract], 2008
  461. Return Address Randomization Scheme for Annuling Data-Injection Buffer Overflow Attacks [abstract], 2006
  462. Rootkit modeling and experiments under Linux [abstract], 2008
  463. PrISM: Automatic Detection and Prevention from Cyber Attacks [abstract], 2008
  464. A Theory of Secure Control Flow [abstract], 2005
  465. Detection and Diagnosis of Control Interception [abstract], 2008
  466. Efficient and Practical Control Flow Monitoring for Program Security [abstract], 2008
  467. Static Analysis on x86 Executables for Preventing Automatic Mimicry Attacks [abstract], 2007
  468. Linux 2.6 kernel exploits [abstract], 2007
  469. A Policy Language for the Extended Reference Monitor in Trusted Operating Systems [abstract], 2007
  470. Intrusion detection and security policy framework for distributed environments [abstract], 2005
  471. Integration of trusted operating system from open source [abstract], 2003
  472. Towards the specification of access control policies on multiple operating systems [abstract], 2004
  473. Detecting kernel-level rootkits through binary analysis [abstract], 2004
  474. A Collaborative Approach for Access Control, Intrusion Detection and Security Testing [abstract], 2006
  475. Buffer overflow protection based on adjusting code segment limit [abstract], 2005
  476. The Design of a Generic Intrusion Tolerant Architecture for Web Servers [abstract], 2008
  477. Supporting access control policies across multiple operating systems [abstract], 2005
  478. Model-driven configuration of os-level mandatory access control: research abstract [abstract], 2008
  479. A simple implementation and performance evaluation extended-role based access control [abstract], 2005
  480. Design space and analysis of worm defense strategies [abstract], 2006
  481. ASSURE: automatic software self-healing using rescue points [abstract], 2009
  482. Self-healing control flow protection in sensor applications [abstract], 2009
  483. Return Protector: A Protection Mechanism for Return-into-libc Attacks by Checking the Return Address [abstract], 2009
  484. A specification language for information security policies [abstract], 2009
  485. DROP: Detecting Return-Oriented Programming Malicious Code [abstract], 2009
  486. Enforcement of Security Properties for Dynamic MAC Policies [abstract], 2009
  487. Generation of Role Based Access Control Security Policies for Java Collaborative Applications [abstract], 2009
  488. A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability [abstract], 2009
  489. Practicality of Using Side-Channel Analysis for Software Integrity Checking of Embedded Systems [abstract], 2015
  490. Protecting sensitive information in the volatile memory from disclosure attacks [abstract], 2016
  491. Monitoring translation lookahead buffers to detect code injection attacks [abstract], 2014
  492. Implementing a vertically hardened DNP3 control stack for power applications [abstract], 2016
  493. Complex event processing for reactive security monitoring in virtualized computer systems [abstract], 2015
  494. Providing Security in Container-Based HPC Runtime Environments [abstract], 2016
  495. Behavior based authentication mechanism to prevent malicious code attacks in windows [abstract], 2015
  496. Agent based public audit for secured cloud storage [abstract], 2015
  497. Attack Mitigation by Data Structure Randomization [abstract], 2016
  498. LRBAC: Flexible function-level hierarchical role based access control for Linux [abstract], 2015
  499. All your cluster-grids are belong to us: Monitoring the (in) security of infrastructure monitoring systems [abstract], 2015
  500. Umbra: Embedded Web Security Through Application-Layer Firewalls [abstract], 2015
  501. Randomization Can't Stop BPF JIT Spray [abstract], 2017
  502. Design and Implementation of Efficient Mitigation against Return-oriented Programming [abstract], 2014
  503. Improvement of Runtime Intrusion Prevention Evaluator (RIPE) [abstract], 2015
  504. Dynaguard: Armoring canary-based protections against brute-force attacks [abstract], 2015
  505. Detection Mechanism against Code Re-use Attack in Stack region [abstract], 2014
  506. Securing the cloud using Quantum Networking protocols [abstract], 2016
  507. Healthcare Privacy: How Secure Are the VOIP/Video-Conferencing Tools for PHI Data? [abstract], 2015
  508. StemJail: Dynamic Role Compartmentalization [abstract], 2016
  509. Caml crush: A pkcs#11 filtering proxy [abstract], 2014
  510. Runtime Integrity Checking for Exploit Mitigation on Lightweight Embedded Devices [abstract], 2016
  511. A tale of two kernels: Towards ending kernel hardening wars with split kernel [abstract], 2014
  512. Component-oriented access control -- Application servers meet tuple spaces for the masses [abstract], 2017
  513. Toward preventing stack overflow using kernel properties [abstract], 2014
  514. Control jujutsu: On the weaknesses of fine-grained control flow integrity [abstract], 2015
  515. ROPMEMU: A framework for the analysis of complex code-reuse attacks [abstract], 2016
  516. SAFECode whitepaper: fundamental practices for secure software development [abstract], 2014
  517. Mandatory access protection within cloud systems [abstract], 2014
  518. Secure patrol: Patrolling against buffer overflow exploits [abstract], 2014
  519. DATAEvictor: To Reduce the Leakage of Sensitive Data Targeting Multiple Memory Copies and Data Lifetimes [abstract], 2014
  520. Fusion Trust Service Assessment for Crisis Management Environments [abstract], 2016
  521. A Systematic Exploit Strengthening Method Integrating with Penetration Testing Framework [abstract], 2015
  522. You can run but you can't read: Preventing disclosure exploits in executable code [abstract], 2014
  523. KMO: Kernel Memory Observer to Identify Memory Corruption by Secret Inspection Mechanism [abstract], 2019
  524. A Survey of Code Reuse Attack and Defense [abstract], 2018
  525. A Correlation-aware Diverse Variant Placement to Increase Network Resilience [abstract], 2018
  526. Feedback control can make data structure layout randomization more cost-effective under zero-day attacks [abstract], 2018
  527. Low-Level Memory Attacks on Automotive Embedded Systems [abstract], 2018
  528. MTD Techniques for memory protection against zero-day attacks [abstract], 2019
  529. Evaluating control-flow restricting defenses [abstract], 2018
  530. Safe trans loader: mitigation and prevention of memory corruption attacks for released binaries [abstract], 2018
  531. A Comprehensive Detection of Memory Corruption Vulnerabilities for C/C++ Programs [abstract], 2018
  532. How memory safety violations enable exploitation of programs [abstract], 2018
  533. CloudCFI: Context-Sensitive and Incremental CFI in the Cloud Environment [abstract], 2019
  534. Mitigating malicious packets attack via vulnerability-aware heterogeneous network devices assignment [abstract], 2019
  535. How Kernel Randomization is Canceling Memory Deduplication in Cloud Computing Systems [abstract], 2018
  536. Protecting dynamic code [abstract], 2018
  537. Shapeshifter: Intelligence-driven data plane randomization resilient to data-oriented programming attacks [abstract], 2020
  538. Profile-guided code identification and hardening using return oriented programming [abstract], 2019
  539. SMP: A New Mechanism to Mitigate Control-Flow Hijacking Attacks [abstract], 2018
  540. Attacking dynamic code [abstract], 2018
  541. Dynamic reencryption of return addresses [abstract], 2018
  542. Data-flow bending: On the effectiveness of data-flow integrity [abstract], 2019
  543. gExtractor: Automated Extraction of Malware Deception Parameters for Autonomous Cyber Deception [abstract], 2019
  544. DOPdefender: An approach to thwarting data-oriented programming attacks based on a data-aware automaton [abstract], 2019
  545. Security Analysis of Processor Instruction Set Architecture for Enforcing Control-Flow Integrity [abstract], 2019
  546. STACKEEPER: A Static Source Code Analzyer to Detect Stack-based Uninitialized Use Vulnerabilities [abstract], 2018
  547. A survey of side-channel attacks on caches and countermeasures [abstract], 2018
  548. A survey on the moving target defense strategies: An architectural perspective [abstract], 2019
  549. Tmdfi: Tagged memory assisted for fine-grained data-flow integrity towards embedded systems against software exploitation [abstract], 2018
  550. An exploratory analysis of microcode as a building block for system defenses [abstract], 2018
  551. Exploiting buffer overflow vulnerabilities in software defined radios [abstract], 2018
  552. Breakpad: Diversified Binary Crash Reporting [abstract], 2018
  553. Semi-synchronized Non-blocking Concurrent Kernel Cruising [abstract], 2020
  554. Real-Time Address Leak Detection on the Dynamorio Platform Using Dynamic Taint Analysis [abstract], 2018
  555. Additional Kernel Observer to Prevent Privilege Escalation Attacks by Focusing on System Call Privilege Changes [abstract], 2018
  556. Function-oriented programming: A new class of code reuse attack in c applications [abstract], 2018
  557. MicroGuard: Securing Bare-Metal Microcontrollers against Code-Reuse Attacks [abstract], 2019
  558. A Survey of Exploitation Techniques and Defenses for Program Data Attacks [abstract], 2020
  559. HarTBleed: Using Hardware Trojans for Data Leakage Exploits [abstract], 2020
  560. Predictability of IP address allocations for cloud computing platforms [abstract], 2019
  561. Secure and Efficient Control Data Isolation with Register-based Data Cloaking [abstract], 2019
  562. Layered Object-Oriented Programming: Advanced VTable Reuse Attacks on Binary-Level Defense [abstract], 2018