
Analyzing control flow integrity with LLVM-CFI

Paul Muntean, Matthias Neumayer, Zhiqiang Lin, Gang Tan, Jens Grossklags, Claudia Eckert
2019 Proceedings of the 35th Annual Computer Security Applications Conference on - ACSAC '19  
Current solutions for assessing the attack surface after a control flow integrity (CFI) policy was applied can measure only indirect transfer averages in the best case without providing any insights w.r.t.  ...  We have used LLVM-CFI to assess eight state-of-the-art static CFI defenses on real-world programs such as Google Chrome and Apache Httpd. LLVM-CFI provides a precise analysis of the residual attack surfaces  ...  Further, we also would like to thank the anonymous reviewers for their constructive feedback. Zhiqiang Lin is partially supported by US NSF grant CNS-1834215 and ONR award N00014-17-1-2995.  ... 
doi:10.1145/3359789.3359806 dblp:conf/acsac/MunteanNLTG019 fatcat:pli7gsiey5fmbjkl3jguidareu

CONFIRM: Evaluating Compatibility and Relevance of Control-flow Integrity Protections for Modern Software

Xiaoyang Xu, Masoud Ghaffarinia, Wenhao Wang, Kevin W. Hamlen, Zhiqiang Lin
2019 USENIX Security Symposium  
CONFIRM (CONtrol-Flow Integrity Relevance Metrics) is a new evaluation methodology and microbenchmarking suite for assessing compatibility, applicability, and relevance of control-flow integrity (CFI)  ...  (semantic transparency) of diverse, mainstream software products has been under-studied in the literature.  ...  Sekar, Zhi Wang, and Qingchuan Zhao for their provision of CFI solution implementations and installation assistance for evaluations.  ... 
dblp:conf/uss/XuGWHL19 fatcat:cosrdv25rbeyrbjneyj4h5yfd4

Resilience-by-design in Adaptive Multi-Agent Traffic Control Systems [article]

Ranwa Al Mallah, Talal Halabi, Bilal Farooq
2021 arXiv   pre-print
In this paper, we perform the first detailed security analysis and implementation of a new cyber-physical attack category carried out by the network of CAVs against Adaptive Multi-Agent Traffic Signal  ...  However, their involvement will expand the space of security vulnerabilities and create larger threat vectors.  ...  Evaluation Metrics The mean trip waiting time is used as a performance metric to measure the impact of traffic control performed at each intersection compared to a baseline where static traffic programs  ... 
arXiv:2012.02675v4 fatcat:nap3mlman5at5p67s5kqvcz2vm

Attacks against process control systems

Alvaro A. Cárdenas, Saurabh Amin, Zong-Syun Lin, Yu-Lun Huang, Chi-Yen Huang, Shankar Sastry
2011 Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security - ASIACCS '11  
While previous work has proposed new security mechanisms for control systems, few of them have explored new and fundamentally different research problems for securing control systems when compared to securing  ...  A secondary goal of this paper is to initiate the discussion between control and security practitioners-two areas that have had little interaction in the past.  ...  Acknowledgments We would like to thank Gabor Karsai, Adrian Perrig, Bruno Sinopoli, and Jon Wiley for helpful discussions on the security of control systems.  ... 
doi:10.1145/1966913.1966959 fatcat:jym5mir74jbkdmykvo4wx56afi

Fine-Grained Control-Flow Integrity Through Binary Hardening [chapter]

Mathias Payer, Antonio Barresi, Thomas R. Gross
2015 Lecture Notes in Computer Science  
Control-Flow Integrity (CFI) is a promising security property that restricts indirect control-flow transfers to a static set of well-known locations.  ...  A shadow stack enforces precise integrity for function returns.  ...  Acknowledgements We thank Andreas Follner, Volodymyr Kuznetsov, Per Larsen, Kaveh Razavi, our shepherd Cristiano Giuffrida, and the anonymous reviewers for feedback and discussions.  ... 
doi:10.1007/978-3-319-20550-2_8 fatcat:imb2l3voebeqxbwkg4dvwvubjq

Survey of Control-Flow Integrity Techniques for Embedded and Real-Time Embedded Systems [article]

Tanmaya Mishra, Thidapat Chantem, Ryan Gerdes
2021 arXiv   pre-print
Control-flow integrity (CFI) is a family of defense mechanisms that prevent attackers from modifying the flow of execution.  ...  We survey CFI techniques, ranging from the basic to state-of-the-art, that are built for embedded systems and real-time embedded systems and find that there is a dearth, especially for real-time embedded  ...  Essentially, there is a need to define how lazy CFI can be, and develop system/task models that enforce these boundaries.  ... 
arXiv:2111.11390v1 fatcat:cdk7p5pptzdizgcghdyapmdd2m


Stephen D. Morris
2015 Tractus Aevorum  
This paper explores the intersection of crime and corruption, drawing on the Mexican case for examples and discussion.  ...  It concludes by briefly laying out the next steps in the broader study of the interaction of state controls over society and societal controls over the state.  ...  The model developed here points to a complex 20 There has long been substantial theoretical support for the prioritizing of security and societal control over controls over the state.  ... 
doi:10.18413/2312-3044-2015-2-2-149-177 fatcat:t6ihp7an2bb4zaoyazy5o3zp6i

Identifying, understanding, and analyzing critical infrastructure interdependencies

2001 IEEE Control Systems  
Acknowledgments The authors would like to acknowledge the important contributions of Michael North (Argonne National Laboratory) and the White House Office of Science and Technology Policy Interdependencies  ...  that provide a reliable flow of products and services essential to the defense and economic security of the United States, the smooth functioning of governments at all levels, and society as a whole  ...  These metrics should include a range of economic, social, and national security considerations.  ... 
doi:10.1109/37.969131 fatcat:r7uuuzkuz5hbbanspawyjwp4ki

Control-Flow Integrity: Attacks and Protections

Sarwar Sayeed, Hector Marco-Gisbert, Ismael Ripoll, Miriam Birch
2019 Applied Sciences  
Control-flow Integrity (CFI) is a large family of techniques that aims to eradicate memory error exploitation by ensuring that the instruction pointer (IP) of a running process cannot be controlled by  ...  Our study indicates that the majority of the CFI techniques are primarily focused on restricting indirect branch instructions and cannot prevent all forms of vulnerability exploitation.  ...  A simple metric, Average Indirect target Reduction (AIR), has also been proposed to measure the elimination of indirect transfers.  ... 
doi:10.3390/app9204229 fatcat:u5gsvzq6vfa7bah6zfl3ktxsza

Survey of Control-Flow Integrity Techniques for Real-Time Embedded Systems

Tanmaya Mishra, Thidapat Chantem, Ryan Gerdes
2022 ACM Transactions on Embedded Computing Systems  
Control-flow integrity (CFI) is a family of defense mechanisms that prevent attackers from modifying the flow of execution.  ...  We survey CFI techniques, ranging from the basic to state-of-the-art, that are built for embedded systems and real-time embedded systems and find that there is a dearth, especially for real-time embedded  ...  CCI is an investment in the advancement of cyber R&D, innovation and workforce development in Virginia. For more information about CCI, visit  ... 
doi:10.1145/3538275 fatcat:asbuxzb2qzbntjp4giae7xkyyy

Unstacking the Deck: Administrative Summary Judgment and Political Control

Alexander I. Platt
2017 Social Science Research Network  
Setting enforcement priorities is a critical function for agencies like the SEC that are charged with enforcing a vast and complex array of legal obligations, but which have resources to pursue only a  ...  procedure as a way for agency prosecutors to avoid "futile" hearings, and courts have upheld it based on the same technocratic justification.  ...  Unfortunately, the total number of enforcement actions is a very poor metric for assessing the impact of SEC's enforcement program.  ... 
doi:10.2139/ssrn.2809199 fatcat:ybckfr5gdjgwznm7wvp4fwptcq

Coarse-grained Dynamic Taint Analysis for Defeating Control and Non-control Data Attacks [article]

Pankaj Kohli
2009 arXiv   pre-print
We performed extensive experimental evaluation of our approach and show that it can detect all critical attacks such as buffer overflows, and format string attacks, including non-control data attacks.  ...  Memory corruption attacks remain the primary threat for computer security. Information flow tracking or taint analysis has been proven to be effective against most memory corruption attacks.  ...  Other targets include address of destructor functions in DTORS table, address of library functions in the GOT, function pointers and other security critical data. Non-control Data Attacks.  ... 
arXiv:0906.4481v2 fatcat:y2wyjl5pufa4bfds3isynqytdu

State of the art of cyber-physical systems security: An automatic control perspective

Yuriy Zacchia Lun, Alessandro D'Innocenzo, Francesco Smarra, Ivano Malavolta, Maria Domenica Di Benedetto
2019 Journal of Systems and Software  
The provided systematic map of 118 selected studies is based on, for instance, application fields, various system components, related algorithms and models, attacks characteristics and defense strategies  ...  Due to the tight cyber-physical coupling and to the potentially disrupting consequences of failures, security here is one of the primary concerns.  ...  Application field Studies Building automation D' Innocenzo et al. (2015) Irrigation and water supply Pasqualetti et al. (2013) ; Amin et al. (2010) ; ; Teixeira et al. ( , 2012 ) Linear dynamical  ... 
doi:10.1016/j.jss.2018.12.006 fatcat:dv2hrhfhevfofgh57mvdq3gvbm

Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences [article]

Joseph Gardiner, Marco Cova, Shishir Nagaraja
2015 arXiv   pre-print
We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels.  ...  We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence  ...  While the metric and test sections in each control provide a discussion of how to measure and test the effectiveness of a control, it may be easy for a reader to focus on the defensive mechanisms rather  ... 
arXiv:1408.1136v2 fatcat:dhhjzhq44rgqxojwfaw324ehh4

Preliminaries of Orthogonal Layered Defence Using Functional and Assurance Controls in Industrial Control Systems

Mike Mackintosh, Gregory Epiphaniou, Haider Al-Khateeb, Keith Burnham, Prashant Pillai, Mohammad Hammoudeh
2019 Journal of Sensor and Actuator Networks  
critical real-time transfer of command and control traffic.  ...  Industrial Control Systems (ICSs) are responsible for the automation of different processes and the overall control of systems that include highly sensitive potential targets such as nuclear facilities  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/jsan8010014 fatcat:6ffw4y4gxvf3tpmx7ckgsh6xfe