A tough call : Mitigating advanced code-reuse attacks at the binary level
- Submitting institution
-
University of Bristol
- Unit of assessment
- 11 - Computer Science and Informatics
- Output identifier
- 197615392
- Type
- E - Conference contribution
- DOI
-
10.1109/SP.2016.60
- Title of conference / published proceedings
- 2016 IEEE Symposium on Security and Privacy (SP)
- First page
- 934
- Volume
- -
- Issue
- -
- ISSN
- 2375-1207
- Open access status
- Deposit exception
- Month of publication
- August
- Year of publication
- 2016
- URL
-
-
- Supplementary information
-
-
- Request cross-referral to
- -
- Output has been delayed by COVID-19
- No
- COVID-19 affected output statement
- -
- Forensic science
- No
- Criminology
- No
- Interdisciplinary
- No
- Number of additional authors
-
9
- Research group(s)
-
B - Cybersecurity and Cryptography
- Citation count
- 28
- Proposed double-weighted
- No
- Reserve for an output with double weighting
- No
- Additional information
- First binary executable based solution for fine-grained control-flow integrity (CFI) - the most promising technique to mitigate new attacks [Gu et.al., PT-CFI, CodaSpy17, Farkhani et.al. ACSAC'18]. Follow up works describe this solution as one that "provides the best precision" [Tan & Jaeger, PLAS’17] and "most comprehensive evaluation" [Xiaoyang Xu et.al, USENIX Sec’19] as it mitigates recent advanced code-reuse attacks. Solution was able to defend real-world applications, like Firefox. Practical enough to be applied to real server applications like nginx (very low performance overhead). Open sourced (typearmor, github). Lead PhD student (Veen) secured an internship at QualComm, which resulted in employment.
- Author contribution statement
- -
- Non-English
- No
- English abstract
- -