Automatic Generation of Data-Oriented Exploits
暂无分享,去创建一个
Zhenkai Liang | Hong Hu | Sendroiu Adrian | Zheng Leong Chua | Prateek Saxena | P. Saxena | Zhenkai Liang | Hong Hu | Sendroiu Adrian
[1] David Brumley,et al. Automatic exploit generation , 2014, CACM.
[2] Zhi Wang,et al. HyperSafe: A Lightweight Approach to Provide Lifetime Hypervisor Control-Flow Integrity , 2010, 2010 IEEE Symposium on Security and Privacy.
[3] Xi Wang,et al. Improving application security with data flow assertions , 2009, SOSP '09.
[4] J. Gregory Morrisett,et al. Combining control-flow integrity and static analysis for efficient and validated data sandboxing , 2011, CCS '11.
[5] James Cheney,et al. Cyclone: A Safe Dialect of C , 2002, USENIX Annual Technical Conference, General Track.
[6] Jun Xu,et al. Non-Control-Data Attacks Are Realistic Threats , 2005, USENIX Security Symposium.
[7] Ben Niu,et al. Modular control-flow integrity , 2014, PLDI.
[8] Daniel C. DuVarney,et al. Address Obfuscation: An Efficient Approach to Combat a Broad Range of Memory Error Exploits , 2003, USENIX Security Symposium.
[9] Wei Xu,et al. Taint-Enhanced Policy Enforcement: A Practical Approach to Defeat a Wide Range of Attacks , 2006, USENIX Security Symposium.
[10] Chao Zhang,et al. Practical Control Flow Integrity and Randomization for Binary Executables , 2013, 2013 IEEE Symposium on Security and Privacy.
[11] Miguel Castro,et al. Securing software by enforcing data-flow integrity , 2006, OSDI '06.
[12] George C. Necula,et al. CCured: type-safe retrofitting of legacy code , 2002, POPL '02.
[13] Milo M. K. Martin,et al. CETS: compiler enforced temporal safety for C , 2010, ISMM '10.
[14] Milo M. K. Martin,et al. SoftBound: highly compatible and complete spatial memory safety for c , 2009, PLDI '09.
[15] David Brumley,et al. BAP: A Binary Analysis Platform , 2011, CAV.
[16] Byung-Gon Chun,et al. TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones , 2010, OSDI.
[17] Ankur Taly,et al. Automated synthesis of symbolic instruction encodings from I/O samples , 2012, PLDI.
[18] Vikram S. Adve,et al. KCoFI: Complete Control-Flow Integrity for Commodity Operating System Kernels , 2014, 2014 IEEE Symposium on Security and Privacy.
[19] Christopher Krügel,et al. Toward Automated Detection of Logic Vulnerabilities in Web Applications , 2010, USENIX Security Symposium.
[20] Periklis Akritidis. Cling: A Memory Allocator to Mitigate Dangling Pointers , 2010, USENIX Security Symposium.
[21] David Brumley,et al. AEG: Automatic Exploit Generation , 2011, NDSS.
[22] Michael Backes,et al. You Can Run but You Can't Read: Preventing Disclosure Exploits in Executable Code , 2014, CCS.
[23] Úlfar Erlingsson,et al. Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM , 2014, USENIX Security Symposium.
[24] Tal Garfinkel,et al. Shredding Your Garbage: Reducing Data Lifetime Through Secure Deallocation , 2005, USENIX Security Symposium.
[25] Nikolaj Bjørner,et al. Z3: An Efficient SMT Solver , 2008, TACAS.
[26] Patrice Godefroid,et al. Automated Whitebox Fuzz Testing , 2008, NDSS.
[27] Mingwei Zhang,et al. Control Flow Integrity for COTS Binaries , 2013, USENIX Security Symposium.
[28] David Brumley,et al. Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications , 2008, 2008 IEEE Symposium on Security and Privacy (sp 2008).
[29] Harish Patil,et al. Pin: building customized program analysis tools with dynamic instrumentation , 2005, PLDI '05.
[30] Mathias Payer,et al. Control-Flow Integrity , 2017, ACM Comput. Surv..
[31] Úlfar Erlingsson,et al. Strato: A Retargetable Framework for Low-Level Inlined-Reference Monitors , 2013, USENIX Security Symposium.
[32] Thomas R. Gross,et al. String oriented programming: when ASLR is not enough , 2013, PPREW '13.