Internet Archive Scholar
Filters
























8,450 Hits in 8.5 sec

Analyzing control flow integrity with LLVM-CFI

Paul Muntean, Matthias Neumayer, Zhiqiang Lin, Gang Tan, Jens Grossklags, Claudia Eckert
2019 Proceedings of the 35th Annual Computer Security Applications Conference on - ACSAC '19  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (948.1 kB)
https://web.archive.org/web/20200908125631/https://arxiv.org/pdf/1910.01485v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:

2019 pre-print arXiv:1910.01485v1 fatcat:5dvpzq3b3zcxzad2sv33w2w6yu
Current solutions for assessing the attack surface afteracontrol flow integrity(CFI) policy was applied can measure onlyindirect transfer averages in the best case without providing anyinsights w.r.t.  ...  We have usedLLVM-CFIto assess eight state-of-the-art static CFI defenses on real-worldprograms such as Google Chrome and Apache Httpd.LLVM-CFIprovides a precise analysis of the residual attack surfaces  ...  Further, we also would like to thank the anonymous reviewers for their constructive feedback. Zhiqiang Lin is partially supported by US NSF grant CNS-1834215 and ONR award N00014-17-1-2995.  ... 
doi:10.1145/3359789.3359806 dblp:conf/acsac/MunteanNLTG019 fatcat:pli7gsiey5fmbjkl3jguidareu
Multiple Versions
Citation

Paul Muntean, Matthias Neumayer, Zhiqiang Lin, Gang Tan, Jens Grossklags, Claudia Eckert. "Analyzing control flow integrity with LLVM-CFI." Proceedings of the 35th Annual Computer Security Applications Conference on - ACSAC '19 (2019) 584-597

CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software

Xiaoyang Xu, Masoud Ghaffarinia, Wenhao Wang, Kevin W. Hamlen, Zhiqiang Lin
2019 USENIX Security Symposium  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (415.2 kB)
https://web.archive.org/web/20201024010700/https://www.usenix.org/system/files/sec19-xu-xiaoyang.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

CONFIRM (CONtrol-Flow Integrity Relevance Metrics) is a new evaluation methodology and microbenchmarking suite for assessing compatibility, applicability, and relevance of control-flow integrity (CFI)  ...  (semantic transparency) of diverse, mainstream software products has been under-studied in the literature.  ...  Sekar, Zhi Wang, and Qingchuan Zhao for their provision of CFI solution implementations and installation assistance for evaluations.  ... 
dblp:conf/uss/XuGWHL19 fatcat:cosrdv25rbeyrbjneyj4h5yfd4
Citation

Xiaoyang Xu, Masoud Ghaffarinia, Wenhao Wang, Kevin W. Hamlen, Zhiqiang Lin. "CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software." USENIX Security Symposium (2019) 1805-1821

Resilience-by-design in Adaptive Multi-Agent Traffic Control Systems [article]

Ranwa Al Mallah, Talal Halabi, Bilal Farooq
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (3.1 MB)
https://web.archive.org/web/20210903114617/https://arxiv.org/pdf/2012.02675v4.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Other Versions

2020 pre-print
arXiv:2012.02675v1 fatcat:4ntpylrfdbahxp24v42eqszmfq
2020 pre-print
arXiv:2012.02675v2 fatcat:hl7bidaf3vg6dh5htnjl5y7ziy
2020 pre-print
arXiv:2012.02675v3 fatcat:zz3qmli6vfektn5y7eecxusy7u
In this paper, we perform the first detailed security analysis and implementation of a new cyber-physical attack category carried out by the network of CAVs against Adaptive Multi-Agent Traffic Signal  ...  However, their involvement will expand the space of security vulnerabilities and create larger threat vectors.  ...  Evaluation Metrics The mean trip waiting time is used as a performance metric to measure the impact of traffic control performed at each intersection compared to a baseline where static traffic programs  ... 
arXiv:2012.02675v4 fatcat:nap3mlman5at5p67s5kqvcz2vm
Multiple Versions
Citation

Ranwa Al Mallah, Talal Halabi, Bilal Farooq. "Resilience-by-design in Adaptive Multi-Agent Traffic Control Systems." arXiv (2021)

Attacks against process control systems

Alvaro A. Cárdenas, Saurabh Amin, Zong-Syun Lin, Yu-Lun Huang, Chi-Yen Huang, Shankar Sastry
2011 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS '11  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (569.8 kB)
https://web.archive.org/web/20170811053849/http://feihu.eng.ua.edu/NSF_CPS/year1/w8_3.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

While previous work has proposed new security mechanisms for control systems, few of them have explored new and fundamentally different research problems for securing control systems when compared to securing  ...  A secondary goal of this paper is to initiate the discussion between control and security practitioners-two areas that have had little interaction in the past.  ...  Acknowledgments We would like to thank Gabor Karsai, Adrian Perrig, Bruno Sinopoli, and Jon Wiley for helpful discussions on the security of control systems.  ... 
doi:10.1145/1966913.1966959 fatcat:jym5mir74jbkdmykvo4wx56afi
Citation

Alvaro A. Cárdenas, Saurabh Amin, Zong-Syun Lin, Yu-Lun Huang, Chi-Yen Huang, Shankar Sastry. "Attacks against process control systems." Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS '11 (2011)

Fine-Grained Control-Flow Integrity Through Binary Hardening [chapter]

Mathias Payer, Antonio Barresi, Thomas R. Gross
2015 Lecture Notes in Computer Science  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (781.4 kB)
https://web.archive.org/web/20170706034500/http://nebelwelt.net/publications/files/15DIMVA.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations.  ...  A shadow stack enforces precise integrity for function returns.  ...  Acknowledgements We thank Andreas Follner, Volodymyr Kuznetsov, Per Larsen, Kaveh Razavi, our shepherd Cristiano Giuffrida, and the anonymous reviewers for feedback and discussions.  ... 
doi:10.1007/978-3-319-20550-2_8 fatcat:imb2l3voebeqxbwkg4dvwvubjq
Citation

Mathias Payer, Antonio Barresi, Thomas R. Gross. "Fine-Grained Control-Flow Integrity Through Binary Hardening." Lecture Notes in Computer Science (2015) 144-164

Survey of Control-Flow Integrity Techniques for Embedded and Real-Time Embedded Systems [article]

Tanmaya Mishra, Thidapat Chantem, Ryan Gerdes
2021 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.1 MB)
https://web.archive.org/web/20211128103019/https://arxiv.org/pdf/2111.11390v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Control-flow integrity (CFI) is a family of defense mechanisms that prevent attackers from modifying the flow of execution.  ...  We survey CFI techniques, ranging from the basic to state-of-the-art, that are built for embedded systems and real-time embedded systems and find that there is a dearth, especially for real-time embedded  ...  Essentially, there is a need to define how lazy CFI can be, and develop system/task models that enforce these boundaries.  ... 
arXiv:2111.11390v1 fatcat:cdk7p5pptzdizgcghdyapmdd2m
Citation

Tanmaya Mishra, Thidapat Chantem, Ryan Gerdes. "Survey of Control-Flow Integrity Techniques for Embedded and Real-Time Embedded Systems." arXiv (2021)

CONTROLLING SOCIETY/ CONTROLLING THE STATE: CRIME AND CORRUPTION WITH A FOCUS ON MEXICO

Stephen D. Morris
2015 Tractus Aevorum  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (538.8 kB)
https://web.archive.org/web/20201124122817/http://ta.bsu.edu.ru/images/stories/4/01_Morris.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

This paper explores the intersection of crime and corruption, drawing on the Mexican case for examples and discussion.  ...  It concludes by briefly laying out the next steps in the broader study of the interaction of state controls over society and societal controls over the state.  ...  The model developed here points to a complex 20 There has long been substantial theoretical support for the prioritizing of security and societal control over controls over the state.  ... 
doi:10.18413/2312-3044-2015-2-2-149-177 fatcat:t6ihp7an2bb4zaoyazy5o3zp6i
DOAJ Szczepanski
Citation

Stephen D. Morris. "CONTROLLING SOCIETY/ CONTROLLING THE STATE: CRIME AND CORRUPTION WITH A FOCUS ON MEXICO." Tractus Aevorum 2.2 (2015) 149-177

Identifying, understanding, and analyzing critical infrastructure interdependencies

2001 IEEE Control Systems  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.2 MB)
https://web.archive.org/web/20170808031518/http://lyle.smu.edu/emis/cmmi5/Ibarra/DeskTop/2004_Phd_041406/Dissertation/Papers/Paper_Misc/CIP_Interdependcies_IEEE_Control_Systems.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL. The file type is application/pdf.

Acknowledgments The authors would like to acknowledge the important contributions of Michael North (Argonne National Laboratory) and the White House Office of Science and Technology Policy Interdependencies  ...  that provide a reliable flow of products and services essential to the defense and economic security of the United States, the smooth functioning of governments at all levels, and society as a whole  ...  These metrics should include a range of economic, social, and national security considerations.  ... 
doi:10.1109/37.969131 fatcat:r7uuuzkuz5hbbanspawyjwp4ki
Citation

"Identifying, understanding, and analyzing critical infrastructure interdependencies." IEEE Control Systems 21.6 (2001) 11-25

Control-Flow Integrity: Attacks and Protections

Sarwar Sayeed, Hector Marco-Gisbert, Ismael Ripoll, Miriam Birch
2019 Applied Sciences  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (699.4 kB)
https://web.archive.org/web/20200307122721/https://myresearchspace.uws.ac.uk/ws/files/12616573/2019_10_03_Sayeed_et_al_Control_flow_final.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by  ...  Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation.  ...  A simple metric, Average Indirect target reduction(AIR), has also been proposed to measure the elimination of indirect transfers.  ... 
doi:10.3390/app9204229 fatcat:u5gsvzq6vfa7bah6zfl3ktxsza
DOAJ
Citation

Sarwar Sayeed, Hector Marco-Gisbert, Ismael Ripoll, Miriam Birch. "Control-Flow Integrity: Attacks and Protections." Applied Sciences 9.20 (2019) 4229

Survey of Control-Flow Integrity Techniques for Real-Time Embedded Systems

Tanmaya Mishra, Thidapat Chantem, Ryan Gerdes
2022 ACM Transactions on Embedded Computing Systems  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (485.6 kB)
https://web.archive.org/web/20220719070718/https://dl.acm.org/doi/pdf/10.1145/3538275

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL. The file type is application/pdf.

Control-flow integrity (CFI) is a family of defense mechanisms that prevent attackers from modifying the flow of execution.  ...  We survey CFI techniques, ranging from the basic to state-of-the-art, that are built for embedded systems and real-time embedded systems and find that there is a dearth, especially for real-time embedded  ...  CCI is an investment in the advancement of cyber R&D, innovation and workforce development in Virginia. For more information about CCI, visit cyberinitiative.org  ... 
doi:10.1145/3538275 fatcat:asbuxzb2qzbntjp4giae7xkyyy
Citation

Tanmaya Mishra, Thidapat Chantem, Ryan Gerdes. "Survey of Control-Flow Integrity Techniques for Real-Time Embedded Systems." ACM Transactions on Embedded Computing Systems (2022)

Unstacking the Deck: Administrative Summary Judgment and Political Control

Alexander I. Platt
2017 Social Science Research Network  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (3.3 MB)
https://web.archive.org/web/20190426181431/https://digitalcommons.law.yale.edu/cgi/viewcontent.cgi?article=1501&context=yjreg

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL. The file type is application/pdf.

Setting enforcement priorities is a critical .function for agencies like the SEC that are charged with enforcing a vast and complex array of legal obligations, but which have resources to pursue only a  ...  procedure as a way for agency prosecutors to avoid 'futile" hearings, and courts have upheld it based on the same technocratic justification.  ...  .162 Unfortunately, the total number of enforcement actions is a very poor metric for assessing the impact of SEC's enforcement program.  ... 
doi:10.2139/ssrn.2809199 fatcat:ybckfr5gdjgwznm7wvp4fwptcq
Citation

Alexander I. Platt. "Unstacking the Deck: Administrative Summary Judgment and Political Control." Social Science Research Network (2017)

Coarse-grained Dynamic Taint Analysis for Defeating Control and Non-control Data Attacks [article]

Pankaj Kohli
2009 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
File Archive PDF (239.0 kB)
https://archive.org/download/arxiv-0906.4481/0906.4481.pdf

The Internet Archive has a preservation copy of this work in our general collections. The file type is application/pdf.

Other Versions

2009 pre-print
arXiv:0906.4481v1 fatcat:cwyp5m6oebhlphvodrno773xha
We performed extensive experimental evaluation of our approach and show that it can detect all critical attacks such as buffer overflows, and format string attacks, including non-control data attacks.  ...  Memory corruption attacks remain the primary threat for computer security. Information flow tracking or taint analysis has been proven to be effective against most memory corruption attacks.  ...  Other targets include address of destructor functions in DTORS table, address of library functions in the GOT, function pointers and other security critical data. Non-control Data Attacks.  ... 
arXiv:0906.4481v2 fatcat:y2wyjl5pufa4bfds3isynqytdu
Multiple Versions
Citation

Pankaj Kohli. "Coarse-grained Dynamic Taint Analysis for Defeating Control and Non-control Data Attacks." arXiv (2009)

State of the art of cyber-physical systems security: An automatic control perspective

Yuriy Zacchia Lun, Alessandro D'Innocenzo, Francesco Smarra, Ivano Malavolta, Maria Domenica Di Benedetto
2019 Journal of Systems and Software  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (4.8 MB)
https://web.archive.org/web/20210428012646/https://research.vu.nl/ws/files/118938525/State_of_the_art_of_cyberphysical_systems_security.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL. The file type is application/pdf.

Other Versions

2016 pre-print
arXiv:1605.09641v1 fatcat:3v2hysxyx5bnno3sknxzymzky4
The provided systematic map of 118 selected studies is based on, for instance, application fields, various system components, related algorithms and models, attacks characteristics and defense strategies  ...  Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns.  ...  Application field Studies Building automation D' Innocenzo et al. (2015) Irrigation and water supply Pasqualetti et al. (2013) ; Amin et al. (2010) ; ; Teixeira et al. ( , 2012 ) Linear dynamical  ... 
doi:10.1016/j.jss.2018.12.006 fatcat:dv2hrhfhevfofgh57mvdq3gvbm
Multiple Versions
Citation

Yuriy Zacchia Lun, Alessandro D'Innocenzo, Francesco Smarra, Ivano Malavolta, Maria Domenica Di Benedetto. "State of the art of cyber-physical systems security: An automatic control perspective." Journal of Systems and Software (2019) 174-216

Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences [article]

Joseph Gardiner, Marco Cova, Shishir Nagaraja
2015 arXiv   pre-print

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (757.5 kB)
https://web.archive.org/web/20191017134319/https://arxiv.org/pdf/1408.1136v1.pdf

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL. The file type is application/pdf.

Note that this fulltext copy is not of the "primary" version of this work. The version it corresponds to is:

2014 pre-print arXiv:1408.1136v1 fatcat:64wskjwl2fbijfccersknyzcra
We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels.  ...  We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence  ...  While the metric and test sections in each control provide a discussion of how to measure and test the effectiveness of a control, it may be easy for a reader to focus on the defensive mechanisms rather  ... 
arXiv:1408.1136v2 fatcat:dhhjzhq44rgqxojwfaw324ehh4
Multiple Versions
Citation

Joseph Gardiner, Marco Cova, Shishir Nagaraja. "Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences." arXiv (2015)

Preliminaries of Orthogonal Layered Defence Using Functional and Assurance Controls in Industrial Control Systems

Mike Mackintosh, Gregory Epiphaniou, Haider Al-Khateeb, Keith Burnham, Prashant Pillai, Mohammad Hammoudeh
2019 Journal of Sensor and Actuator Networks  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (1.8 MB)
https://web.archive.org/web/20190503093209/https://res.mdpi.com/jsan/jsan-08-00014/article_deploy/jsan-08-00014.pdf?filename=&attachment=1

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL. The file type is application/pdf.

critical real-time transfer of command and control traffic.  ...  Industrial Control Systems (ICSs) are responsible for the automation of different processes and the overall control of systems that include highly sensitive potential targets such as nuclear facilities  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/jsan8010014 fatcat:6ffw4y4gxvf3tpmx7ckgsh6xfe
DOAJ
Citation

Mike Mackintosh, Gregory Epiphaniou, Haider Al-Khateeb, Keith Burnham, Prashant Pillai, Mohammad Hammoudeh. "Preliminaries of Orthogonal Layered Defence Using Functional and Assurance Controls in Industrial Control Systems." Journal of Sensor and Actuator Networks 8.1 (2019) 14

« Previous Showing results 1 — 15 out of 8,450 results