Control flow ≈ Control flow
Control-Flow Integrity
Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today’s systems. Control-flow hijacking attacks exploit memory corruption vulnerabilities to divert program execution away from the int…
Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing
In this paper, we explore a new, yet critical, side-channel attack against Intel Software Guard Extension (SGX), called a branch shadowing attack, which can reveal fine-grained control flows (i.e., each branch) of an enclave program runnin…
A Combination Method for Android Malware Detection Based on Control Flow Graphs and Machine Learning Algorithms
Android malware severely threaten system and user security in terms of privilege escalation, remote control, tariff theft, and privacy leakage. Therefore, it is of great importance and necessity to detect Android malware. In this paper, we…
Fallout
sponsorship: This work has been supported by the Austrian Research Promotion Agency (FFG) via the project ESPRESSO, which is funded by the Province of Styria and the Business Promotion Agencies of Styria and Carinthia. It was also supporte…
LVI: Hijacking Transient Execution through Microarchitectural Load Value Injection
sponsorship: This research is partially funded by the Research Fund KU Leuven, and by the Agency for Innovation and Entrepreneurship (Flanders). Jo Van Bulck is supported by a grant of the Research Foundation -Flanders (FWO). Daniel Moghim…
PLATYPUS: Software-based Power Side-Channel Attacks on x86
Power side-channel attacks exploit variations in power consumption to extract secrets from a device, e.g., cryptographic keys. Prior attacks typically required physical access to the target device and specialized equipment such as probes a…
SGX-Step
© 2017 ACM. Protected module architectures such as Intel SGX hold the promise of protecting sensitive computations from a potentially compromised operating system. Recent research convincingly demonstrated, however, that SGX's strengthened…
SoK: Shining Light on Shadow Stacks
Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge, i.e., indirect calls through function pointers and virtual calls. Prot…
Speculative Buffer Overflows: Attacks and Defenses
Practical attacks that exploit speculative execution can leak confidential information via microarchitectural side channels. The recently-demonstrated Spectre attacks leverage speculative loads which circumvent access checks to read memory…
Binary code is not easy
Binary code analysis is an enabling technique for many applications. Modern compilers and run-time libraries have introduced significant complexities to binary code, which negatively affect the capabilities of binary analysis tool kits to …
jTrans: jump-aware transformer for binary code similarity detection
Binary code similarity detection (BCSD) has important applications in various fields such as vulnerabilities detection, software component analysis, and reverse engineering. Recent studies have shown that deep neural networks (DNNs) can co…
Protecting Bare-Metal Embedded Systems with Privilege Overlays
Embedded systems are ubiquitous in every aspect of modern life. As the Internet of Things expands, our dependence on these systems increases. Many of these interconnected systems are and will be low-cost bare-metal systems, executing withou…
Watch Me, but Don't Touch Me! Contactless Control Flow Monitoring via Electromagnetic Emanations
Trustworthy operation of industrial control systems depends on secure and real-time code execution on the embedded programmable logic controllers (PLCs). The controllers monitor and control the critical infrastructures, such as electric…
Compiler-Agnostic Function Detection in Binaries
We propose Nucleus, a novel function detection algorithm for binaries. In contrast to prior work, Nucleus is compiler-agnostic, and does not require any learning phase or signature information. Instead of scanning for signatures, Nucleus d…
An Android mutation malware detection based on deep learning using visualization of importance from codes
Smartphone use, especially of the Android platform, has already reached an 80% market share; according to an aforementioned [where?] report, it has become an attacker's primary objective. A growing amount of private data is being stored on smartphones a…
Neural Code Comprehension: A Learnable Representation of Code Semantics
With the recent success of embeddings in natural language processing, research has been conducted into applying similar methods to code analysis. Most works attempt to process the code directly or use a syntactic tree representation, treat…
HarvOS
We present code instrumentation strategies to allow transiently-powered embedded sensing devices efficiently checkpoint the system's state before energy is exhausted. Our solution, called HarvOS, operates at compile-time with limited devel…
SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution
This paper presents SgxPectre Attacks that exploit the recently disclosed CPU bugs to subvert the confidentiality of SGX enclaves. Particularly, we show that when branch prediction of the enclave code can be influenced by programs outside …
Matryoshka
Greybox fuzzing has made impressive progress in recent years, evolving from heuristics-based random mutation to solving individual branch constraints. However, they have difficulty solving path constraints that involve deeply nested condit…
On Code Execution Tracking via Power Side-Channel
With the proliferation of Internet of Things, there is a growing interest in embedded system attacks, e.g., key extraction attacks and firmware modification attacks. Code execution tracking, as the first step to locate vulnerable instructi…
Block Oriented Programming
With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking attacks, and consequently code reuse attacks, are significantly more difficult. CFI limits control flow to well-known locations, severely restricting ar…
rev.ng: a unified binary analysis framework to recover CFGs and function boundaries
Static binary analysis is a key tool to assess the security of third-party binaries and legacy programs. Most forms of binary analysis rely on the availability of two key pieces of information: the program's control-flow graph and function …
Snitch: A Tiny Pseudo Dual-Issue Processor for Area and Energy Efficient Execution of Floating-Point Intensive Workloads
Data-parallel applications, such as data analytics, machine learning, and scientific computing, are placing an ever-growing demand on floating-point operations per second on emerging systems. With increasing integration density, the que…
Where Does It Go?
System software commonly uses indirect calls to realize dynamic program behaviors. However, indirect-calls also bring challenges to constructing a precise control-flow graph that is a standard pre-requisite for many static program-analysis…
GRIFFIN
Researchers are actively exploring techniques to enforce control-flow integrity (CFI), which restricts program execution to a predefined set of targets for each indirect control transfer to prevent code-reuse attacks. While hardware-assist…
Neural reverse engineering of stripped binaries using augmented control flow graphs
We address the problem of reverse engineering of stripped executables, which contain no debug information. This is a challenging problem because of the low amount of syntactic information available in stripped executables, and the diverse …
OAT: Attesting Operation Integrity of Embedded Devices
Due to the wide adoption of IoT/CPS systems, embedded devices (IoT frontends) become increasingly connected and mission-critical, which in turn has attracted advanced attacks (e.g., control-flow hijacks and data-only attacks). Unfortunatel…
Don't Unroll Adjoint: Differentiating SSA-Form Programs
This paper presents reverse-mode algorithmic differentiation (AD) based on source code transformation, in particular of the Static Single Assignment (SSA) form used by modern compilers. The approach can support control flow, nesting, mutat…
Path-based function embedding and its application to error-handling specification mining
Identifying relationships among program elements is useful for program understanding, debugging, and analysis. One such kind of relationship is synonymy. Function synonyms are functions that play a similar role in code; examples include fu…
Nibbler
Developers today have access to an arsenal of toolkits and libraries for rapid application prototyping. However, when an application loads a library, the entirety of that library's code is mapped into the address space, even if only a sing…