Call stack
SoK: Shining Light on Shadow Stacks
Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge, i.e., indirect calls through function pointers and virtual calls. Prot…
Toxic Code Snippets on Stack Overflow
Online code clones are code fragments that are copied from software projects or online sources to Stack Overflow as examples. Due to an absence of a checking mechanism after the code has been copied to Stack Overflow, they can become to…
A Visual Analytics Framework for the Detection of Anomalous Call Stack Trees in High Performance Computing Applications
Anomalous runtime behavior detection is one of the most important tasks for performance diagnosis in High Performance Computing (HPC). Most of the existing methods find anomalous executions based on the properties of individual functions, …
Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
A common type of memory error in the Linux kernel is using uninitialized variables (uninitialized use). Uninitialized uses not only cause undefined behaviors but also impose a severe security risk if an attacker takes control of the uninit…
An abstract stack based approach to verified compositional compilation to machine code
A key ingredient contributing to the success of CompCert, the state-of-the-art verified compiler for C, is its block-based memory model, which is used uniformly for all of its languages and their verified compilation. However, CompCert's m…
The Stack: 3 TB of permissively licensed source code
Large Language Models (LLMs) play an ever-increasing role in the field of Artificial Intelligence (AI)--not only for natural language processing but also for code understanding and generation. To stimulate open and responsible research on …
A Robust and Efficient Defense against Use-after-Free Exploits via Concurrent Pointer Sweeping
Applications in C/C++ are notoriously prone to memory corruptions. With significant research efforts devoted to this area of study, the security threats posed by previously popular vulnerabilities, such as stack and heap overflows, are not…
Modular Synthesis of Heap Exploits
Memory errors continue to compromise the security of today's systems. Recent efforts to automatically synthesize exploits for stack-based buffer overflows promise to help assess a vulnerability's severity more quickly and alleviate the bur…
Secure and efficient application monitoring and replication
Memory corruption vulnerabilities remain a grave threat to systems software written in C/C++. Current best practices dictate compiling programs with exploit mitigations such as stack canaries, address space layout randomization, and contro…
Design and Implementation of a Backward-In-Time Debugger
Traditional debugging and stepping execution trace are well-accepted techniques to understand deep internals about a program. However in many cases navigating the stack trace is not enough to find bugs, since the cause of a bug is often no…
Protecting the Stack with Metadata Policies and Tagged Hardware
The program call stack is a major source of exploitable security vulnerabilities in low-level, unsafe languages like C. In conventional runtime implementations, the underlying stack data is exposed and unprotected, allowing programming err…
Applying Stack Bidirectional LSTM Model to Intrusion Detection
Nowadays, the Internet has become an indispensable part of daily life and is used in many fields. Due to the large amount of Internet traffic, computers are subject to various security threats, which may cause serious economic losses and even …
Exploiting stack-based buffer overflow using modern day techniques
One of the most commonly known vulnerabilities that can affect a binary executable is the stack-based buffer overflow. The buffer overflow occurs when a program, while writing data to a buffer, overruns the buffer's boundary and overwrites…
Type-After-Type
Temporal memory errors, such as use-after-free bugs, are increasingly popular among attackers and their exploitation is hard to stop efficiently using current techniques. We present a new design, called Type-After-Type, which builds on abs…
A Gaze-Based Exploratory Study on the Information Seeking Behavior of Developers on Stack Overflow
Software developers use Stack Overflow on a daily basis to search for solutions to problems they encounter during bug fixing and feature enhancement. In prior work, studies have been done on mining Stack Overflow data such as for predictin…
High-performance Deterministic Concurrency Using Lingua Franca
Actor frameworks and similar reactive programming techniques are widely used for building concurrent systems. They promise to be efficient and scale well to a large number of cores or nodes in a distributed system. However, they also expos…
Building stack traces from memory dump of Windows x64
Stack traces play an important role in memory forensics as well as program debugging. This is because stack traces provide a history of executed code in a malware-infected host and this history could become a clue for forensic analysts to …
A Scalable, Correct Time-Stamped Stack
Concurrent data-structures, such as stacks, queues, and deques, often implicitly enforce a total order over elements in their underlying memory layout. However, much of this order is unnecessary: linearizability only requires that elements…
Dynamic Canary Randomization for Improved Software Security
Stack canaries are a well-known and effective technique for detecting and defeating stack overflow attacks. However, they are not perfect. For programs compiled using gcc, the reference canary value is randomly generated at program invocat…
Protecting the stack with PACed canaries
Stack canaries remain a widely deployed defense against memory corruption attacks. Despite their practical usefulness, canaries are vulnerable to memory disclosure and brute-forcing attacks. We propose PCan, a new approach based on ARMv8.3…
Le temps des cerises: efficient temporal stack safety on capability machines using directed capabilities
Capability machines are a type of CPUs that support fine-grained privilege separation using capabilities, machine words that include forms of authority. Formal models of capability machines and associated calling conventions have so far f…
TZmCFI: RTOS-Aware Control-Flow Integrity Using TrustZone for Armv8-M
Control-Flow Integrity (CFI) is a class of defensive techniques against control-flow attacks such as Return-Oriented Programming. We propose a light-weight CFI scheme for RTOS-based applications, TZmCFI, which utilizes TrustZone for Armv8-…
The Full Stack Developer
This book reviews the non-programming skills needed to be a successful full-stack web developer and reveals the reasons why a truly successful full-stack developer does more than write code. You'll see the big picture and gain the techniq…
BofAEG: Automated Stack Buffer Overflow Vulnerability Detection and Exploit Generation Based on Symbolic Execution and Dynamic Analysis
Stack buffer overflow vulnerability is a common software vulnerability that can overwrite function return addresses and hijack program control flow, causing serious system problems. Existing automated exploit generation (AEG) solutions can…
Is the Stack Distance Between Test Case and Method Correlated With Test Effectiveness?
Mutation testing is a means to assess the effectiveness of a test suite and its outcome is considered more meaningful than code coverage metrics. However, despite several optimizations, mutation testing requires a significant computational…
Actor concurrency bugs: a comprehensive study on symptoms, root causes, API usages, and differences
Actor concurrency is becoming increasingly important in the development of real-world software systems. Although actor concurrency may be less susceptible to some multithreaded concurrency bugs, such as low-level data races and deadlocks, …
Temporal Safety for Stack Allocated Memory on Capability Machines
Memory capabilities as supported in capability machines are very similar to fat pointers, and hence are very useful for the efficient enforcement of spatial memory safety. Enforcing temporal memory safety however, is more challenging. This…
A Review on Technologies used in MERN stack
MERN stack is one of the well-known web stacks that has acquired significance over other stacks. This is a direct result of its UI delivering and execution, cost-adequacy, open source, and it is not difficult to switch among customer and server.…
Practical Software-Based Shadow Stacks on x86-64
Control-Flow Integrity (CFI) techniques focus often on protecting forward edges and assume that backward edges are protected by shadow stacks. However, software-based shadow stacks that can provide performance, security, and compatibility …
A High-Level Separation Logic for Heap Space under Garbage Collection
We present a Separation Logic with space credits for reasoning about heap space in a sequential call-by-value lambda-calculus equipped with garbage collection and mutable state. A key challenge is to design sound, modular, lightweight mech…