Control-Flow Hijacking

Mathias Payer
2017 Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security - ASIA CCS '17  
Memory corruption errors in C/C++ programs remain the most common source of security vulnerabilities in today's systems. Over the last 10+ years the security community developed several defenses [4]. Data Execution Prevention (DEP) protects against code injection, eradicating this attack vector. Yet, control-flow hijacking and code reuse remain challenging despite wide deployment of Address Space Layout Randomization (ASLR) and stack canaries. These defenses are probabilistic and rely on information hiding.
doi:10.1145/3052973.3056127 dblp:conf/ccs/Payer17 fatcat:y3nst6gnonhglpfa5yyhlthcda