Kim, Y., Daly, R., Kim, J., Fallin, C., Lee, J. H., Lee, D., … Mutlu, O. (2014). Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. 2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA). doi:10.1109/isca.2014.6853210
Buchanan, E., Roemer, R., Shacham, H., & Savage, S. (2008). When good instructions go bad. Proceedings of the 15th ACM conference on Computer and communications security - CCS ’08. doi:10.1145/1455770.1455776
Checkoway, S., Davi, L., Dmitrienko, A., Sadeghi, A.-R., Shacham, H., & Winandy, M. (2010). Return-oriented programming without returns. Proceedings of the 17th ACM conference on Computer and communications security - CCS ’10. doi:10.1145/1866307.1866370
Bletsch, T., Jiang, X., Freeh, V. W., & Liang, Z. (2011). Jump-oriented programming. Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS ’11. doi:10.1145/1966913.1966919
Bosman, E., & Bos, H. (2014). Framing Signals - A Return to Portable Shellcode. 2014 IEEE Symposium on Security and Privacy. doi:10.1109/sp.2014.23
GCC Extension for Protecting Applications from Stack-Smashing Attacks (ProPolice) http://www.trl.ibm.com/projects/security/ssp/
Address Space Layout Randomization http://pax.grsecurity.net/docs/aslr.txt
Lu, K., Song, C., Lee, B., Chung, S. P., Kim, T., & Lee, W. (2015). ASLR-Guard. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15. doi:10.1145/2810103.2813694
New Security Enhancements in Red Hat Enterprise Linux http://www.redhat.com/f/pdf/rhel/WHP0006US_Execshield.pdf
Wehbe, T., Mooney, V., & Keezer, D. (2018). Hardware-Based Run-Time Code Integrity in Embedded Devices. Cryptography, 2(3), 20. doi:10.3390/cryptography2030020
Nanda, S., Li, W., Lam, L., & Chiueh, T. (2006). Foreign Code Detection on the Windows/X86 Platform. 2006 22nd Annual Computer Security Applications Conference (ACSAC’06). doi:10.1109/acsac.2006.29
CWE Category http://cwe.mitre.org/
Stack-Based Buffer Overflow Attacks: What You Need to Know https://blog.rapid7.com/2019/02/19/stack-based-buffer-overflow-attacks-what-you-need-to-know/
Novark, G., & Berger, E. D. (2010). DieHarder. Proceedings of the 17th ACM conference on Computer and communications security - CCS ’10. doi:10.1145/1866307.1866371
Dietz, W., Li, P., Regehr, J., & Adve, V. (2015). Understanding Integer Overflow in C/C++. ACM Transactions on Software Engineering and Methodology, 25(1), 1-29. doi:10.1145/2743019
Dowson, M. (1997). The Ariane 5 software failure. ACM SIGSOFT Software Engineering Notes, 22(2), 84. doi:10.1145/251880.251992
An Introduction to Use After Free Vulnerabilities https://www.purehacking.com/blog/lloyd-simon/an-introduction-to-use-after-free-vulnerabilities
Null Dereference https://www.owasp.org/index.php/Null_Dereference
Code Injection https://www.owasp.org/index.php/Code_Injection
Performing a Ret2libc Attack https://www.shellblade.net/docs/ret2libc.pdf
Roglia, G. F., Martignoni, L., Paleari, R., & Bruschi, D. (2009). Surgically Returning to Randomized lib(c). 2009 Annual Computer Security Applications Conference. doi:10.1109/acsac.2009.16
Guan, L., Lin, J., Luo, B., Jing, J., & Wang, J. (2015). Protecting Private Keys against Memory Disclosure Attacks Using Hardware Transactional Memory. 2015 IEEE Symposium on Security and Privacy. doi:10.1109/sp.2015.8
Defending against Return-Oriented Programming https://www.cs.columbia.edu/~angelos/Papers/theses/vpappas_thesis.pdf
Niu, B., & Tan, G. (2015). Per-Input Control-Flow Integrity. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15. doi:10.1145/2810103.2813644
Mashtizadeh, A. J., Bittau, A., Boneh, D., & Mazières, D. (2015). CCFI. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15. doi:10.1145/2810103.2813676
Muench, M., Pagani, F., Shoshitaishvili, Y., Kruegel, C., Vigna, G., & Balzarotti, D. (2016). Taming Transactions: Towards Hardware-Assisted Control Flow Integrity Using Transactional Memory. Lecture Notes in Computer Science, 24-48. doi:10.1007/978-3-319-45719-2_2
How Does RAP Work https://grsecurity.net/rap_faq.php
Abadi, M., Budiu, M., Erlingsson, Ú., & Ligatti, J. (2005). Control-flow integrity. Proceedings of the 12th ACM conference on Computer and communications security - CCS ’05. doi:10.1145/1102120.1102165
Abadi, M., Budiu, M., Erlingsson, Ú., & Ligatti, J. (2009). Control-flow integrity principles, implementations, and applications. ACM Transactions on Information and System Security, 13(1), 1-40. doi:10.1145/1609956.1609960
Hawkins, B., Demsky, B., & Taylor, M. B. (2016). BlackBox: lightweight security monitoring for COTS binaries. Proceedings of the 2016 International Symposium on Code Generation and Optimization - CGO 2016. doi:10.1145/2854038.2854062
Zhang, J., Hou, R., Fan, J., Liu, K., Zhang, L., & McKee, S. A. (2017). RAGuard. Proceedings of the Computing Frontiers Conference - CF’17. doi:10.1145/3075564.3075570
Burow, N., Carr, S. A., Nash, J., Larsen, P., Franz, M., Brunthaler, S., & Payer, M. (2017). Control-Flow Integrity. ACM Computing Surveys, 50(1), 1-33. doi:10.1145/3054924
Hu, H., Qian, C., Yagemann, C., Chung, S. P. H., Harris, W. R., Kim, T., & Lee, W. (2018). Enforcing Unique Code Target Property for Control-Flow Integrity. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. doi:10.1145/3243734.3243797
Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Szekeres, L., McCamant, S., … Wei Zou. (2013). Practical Control Flow Integrity and Randomization for Binary Executables. 2013 IEEE Symposium on Security and Privacy. doi:10.1109/sp.2013.44
Qiu, P., Lyu, Y., Zhang, J., Wang, D., & Qu, G. (2018). Control Flow Integrity Based on Lightweight Encryption Architecture. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 37(7), 1358-1369. doi:10.1109/tcad.2017.2748000
Criswell, J., Dautenhahn, N., & Adve, V. (2014). KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels. 2014 IEEE Symposium on Security and Privacy. doi:10.1109/sp.2014.26
Evans, I., Long, F., Otgonbaatar, U., Shrobe, H., Rinard, M., Okhravi, H., & Sidiroglou-Douskos, S. (2015). Control Jujutsu. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15. doi:10.1145/2810103.2813646
Control Flow Guard https://courses.cs.washington.edu/courses/cse484/14au/reading/25-years-vulnerabilities.pdf
Li, J., Tong, X., Zhang, F., & Ma, J. (2018). Fine-CFI: Fine-Grained Control-Flow Integrity for Operating System Kernels. IEEE Transactions on Information Forensics and Security, 13(6), 1535-1550. doi:10.1109/tifs.2018.2797932
Introduction to Intel® Memory Protection Extensions https://software.intel.com/en-us/articles/introduction-to-intel-memory-protection-extensions
Van der Veen, V., Andriesse, D., Göktaş, E., Gras, B., Sambuc, L., Slowinska, A., … Giuffrida, C. (2015). Practical Context-Sensitive CFI. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15. doi:10.1145/2810103.2813673
Biondo, A., Conti, M., & Lain, D. (2018). Back To The Epilogue: Evading Control Flow Guard via Unaligned Targets. Proceedings 2018 Network and Distributed System Security Symposium. doi:10.14722/ndss.2018.23318
Van der Veen, V., Andriesse, D., Stamatogiannakis, M., Chen, X., Bos, H., & Giuffrida, C. (2017). The Dynamics of Innocent Flesh on the Bone. Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. doi:10.1145/3133956.3134026
Zhang, J., Qi, B., Qin, Z., & Qu, G. (2019). HCIC: Hardware-Assisted Control-Flow Integrity Checking. IEEE Internet of Things Journal, 6(1), 458-471. doi:10.1109/jiot.2018.2866164
Wang, X., Huang, F., & Chen, H. (2019). DTrace: fine-grained and efficient data integrity checking with hardware instruction tracing. Cybersecurity, 2(1). doi:10.1186/s42400-018-0018-3
Christoulakis, N., Christou, G., Athanasopoulos, E., & Ioannidis, S. (2016). HCFI. Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy - CODASPY ’16. doi:10.1145/2857705.2857722
Windows 10 Control Flow Guard Internals http://www.powerofcommunity.net/poc2014/mj0011.pdf
Crane, S. J., Franz, M., Volckaert, S., Schuster, F., Liebchen, C., Larsen, P., … De Sutter, B. (2015). It’s a TRaP. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS ’15. doi:10.1145/2810103.2813682
Zhang, M., Qiao, R., Hasabnis, N., & Sekar, R. (2014). A platform for secure static binary instrumentation. ACM SIGPLAN Notices, 49(7), 129-140. doi:10.1145/2674025.2576208
Dang, T. H. Y., Maniatis, P., & Wagner, D. (2015). The Performance Cost of Shadow Stacks and Stack Canaries. Proceedings of the 10th ACM Symposium on Information, Computer and Communications Security - ASIA CCS ’15. doi:10.1145/2714576.2714635