Abadi, M, Budiu M, Erlingsson U, Ligatti J (2005) Control-flow integrity In: ACM Conference on Computer and Communications Security (CCS ’05).. ACM, New York.
Google Scholar
Auer, P, Cesa-Bianchi N, Fischer P (2002) Finite-time analysis of the multiarmed bandit problem. Mach Learn 47(2-3):235–256.
Article
MATH
Google Scholar
Backes, M, Nürnberger S (2014) Oxymoron: Making fine-grained memory randomization practical by allowing code sharing In: USENIX Security Symposium (Security ’14).. USENIX Association, San Diego.
Google Scholar
Bhatkar, E, Duvarney DC, Sekar R (2003) Address obfuscation: an efficient approach to combat a broad range of memory error exploits In: USENIX Security Symposium (Security ’03).. USENIX Association, San Diego.
Google Scholar
Bhatkar, S, Sekar R (2008) Data space randomization In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA ’08).. Springer-Verlag, Berlin.
Google Scholar
Bhatkar, S, Sekar R, DuVarney DC (2005) Efficient techniques for comprehensive protection from memory error exploits In: USENIX Security Symposium (Security ’05).. USENIX Association, San Diego.
Google Scholar
Bigelow, D, Hobson T, Rudd R, Streilein W, Okhravi H (2015) Timely rerandomization for mitigating memory disclosures In: Proceedings of the 22nd Conference on Computer and Communications Security (CCS ’15).. ACM, New York.
Google Scholar
Bittau, A, Belay A, Mashtizadeh A, Mazieres D, Boneh D (2014) Hacking blind In: IEEE Symposium on Security and Privacy (Oakland ’14).. IEEE Computer Society, Washington.
Google Scholar
Blazakis, D (2010) Interpreter exploitation In: USENIX Conference on Offensive Technologies (WOOT ’10).. IEEE Computer Society, Washington.
Google Scholar
Bletsch, T, Jiang X, Freeh V (2011) Mitigating code-reuse attacks with control-flow locking In: Annual Computer Security Applications Conference (ACSAC ’11).. ACM, New York.
Google Scholar
Cadar, C, Akritidis P, Costa M, Martin J-P, Castro M (2008) Data randomization In: MSR-TR-2008-120.. Microsoft Research, Cambridge.
Google Scholar
Castro, M, Costa M, Harris T (2006) Securing software by enforcing data-flow integrity In: Proceedings of the 7th Symposium on Operating Systems Design and Implementation (OSDI’06).. USENIX Association, Berkeley.
Google Scholar
Chen, H, Mao Y, Wang X, Zhou D, Zeldovich N, Kaashoek MF (2011) Linux kernel vulnerabilities: State-of-the-art defenses and open problems In: Asia-Pacific Workshop on Systems (APSys ’11).. ACM, New York.
Google Scholar
Chen, P, Xu J, Lin Z, Xu D, Mao B, Liu P (2015) A practical approach for adaptive data structure layout randomization In: Proceedings of the 20th European Symposium on Research in Computer Security (ESORICS’15).. Springer, Switzerland.
Google Scholar
Chen, S, Xu J, Sezer EC, Gauriar P, Iyer RK (2005) Non-control-data attacks are realistic threats In: Proceedings of the 14th Conference on USENIX Security Symposium (Security ’05).. USENIX Association, San Diego.
Google Scholar
Crispin, C, Calton P, Dave M, Heather H, Jonathan W, Peat B, Steve B, Aaron G, Perry W, Qian Z (1998) Stackguard: automatic adaptive detection and prevention of buffer-overflow attacks In: USENIX Security Symposium (Security ’98).. USENIX Association, San Diego.
Google Scholar
CVE-1999-0071 (1999) Apache-cookie bug. http://seclab.cs.ucdavis.edu/projects/testing/vulner/39.html.
CVE-2001-0144 (2001) SSH CRC-32 compensation attack detector. http://www.securityfocus.com/bid/2347/discuss.
CVE-2002-0656 (2002) Apache openssl heap overflow exploit. http://www.phreedom.org/research/exploits/apache-openssl/.
CVE-2014-0160 (2014) Heartbleed Bug.
CVE-2015-0235 (2015) Ghost: glibc gethostbyname buffer overflow. https://www.qualys.com/2015/01/27/cve-2015-0235/GHOST-CVE-2015-0235.txt.
Davi, L, Liebchen C, Sadeghi A-R, Snow KZ, Monrose F (2015) Isomeron: Code randomization resilient to (just-in-time) return-oriented programming In: Annual Network and Distributed System Security Symposium (NDSS ’15).. NDSS Symposium, San Diego.
Google Scholar
Egele, M, Fischer T, Holz T, Hund R, Nurnberger S, Sadeghi AR, Davi L, Dmitrienko A (2012) Mocfi: A framework to mitigate control-flow attacks on smartphones, In: Annual Network and Distributed System Security Symposium (NDSS’12).. NDSS Symposium, San Diego.
Google Scholar
Giuffrida, C, Kuijsten A, Tanenbaum AS (2012) Enhanced operating system security through efficient and fine-grained address space randomization In: USENIX Conference on Security Symposium (Security ’12).. USENIX Association, San Diego.
Google Scholar
Hiser, J, Nguyen-Tuong A, Co M, Hall M, Davidson JW (2012) Ilr: Where’d my gadgets go? In: IEEE Symposium on Security and Privacy (Oakland ’12).. IEEE Computer Society, Washington.
Google Scholar
Hu, H, Chua ZL, Adrian S, Saxena P, Liang Z (2015) Automatic generation of data-oriented exploits In: Proceedings of the 24th USENIX Security Symposium (Security ’15).. USENIX Association, San Diego.
Google Scholar
Hu, H, Shinde S, Adrian S, Chua ZL, Saxena P, Liang Z (2016) Data-oriented programming: On the expressiveness of non-control data attacks In: IEEE Symposium on Security and Privacy (Oakland ’16).. IEEE Computer Society, Washington.
Google Scholar
Keromytis, AD, Pappas V, Polychronakis M (2012) Smashing the gadgets: Hindering return-oriented programming using in-place code randomization In: IEEE Symposium on Security and Privacy (Oakland ’12).. IEEE Computer Society, Washington.
Google Scholar
Kil, C, Jim J, Bookholt C, Xu J, Ning P (2006) Address space layout permutation (aslp): Towards fine-grained randomization of commodity software In: Annual Computer Security Applications Conference (ACSAC ’06).. IEEE, Miami Beach.
Google Scholar
Kuleshov, V, Precup D (2014) Algorithms for multi-armed bandit problems In: Proceedings of the seventeenth annual ACM-SIAM symposium on Discrete algorithm, Society for Industrial and Applied Mathematics Philadelphia, PA, USA, 928–936. CVE-2014-0160 (2014) https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0160.
Lai, TL, Robbins H (1985) Asymptotically efficient adaptive allocation rules. Adv Appl Math 6(1):4–22.
Article
MathSciNet
MATH
Google Scholar
Lin, Z, Riley RD, Xu D (2009) Polymorphing software by randomizing data structure layout In: International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA ’09).. Berlin, Springer-Verlag.
Google Scholar
Litchfield, D (2003) Defeating the stack based buffer overflow prevention mechanism of microsoft windows 2003 server. https://www.blackhat.com/presentations/bh-asia-03/bh-asia-03-litchfield.pdf.
Lu, K, Nurnberger S, Backes M, Lee W (2016) How to make aslr win the clone wars: Runtime re-randomization In: Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS ’16).. NDSS Symposium, San Diego.
Google Scholar
Microsoft (2008) A detailed description of the Data Execution Prevention (DEP) feature in Windows XP Service Pack 2. http://support.microsoft.com/kb/875352.
OWASP (2009) Format string. https://www.owasp.org/index.php/Format_string_attack.
Paleari, R, Roglia GF, Martignoni L (2009) Surgically returning to randomized lib(c) In: Annual Computer Security Applications Conference (ACSAC ’09).. ACM, New York.
Google Scholar
Seibert, J, Okhravi H, Söderström E (2014) Information leaks without memory disclosures:remote side channel attacks on diversified code In: ACM Conference on Computer and Communications Security (CCS ’14).. ACM, New York.
Google Scholar
Shacham, H, Page M, Pfaff B, Goh E-J, Modadugu N, Boneh D (2004) On the effectiveness of address-space randomization In: ACM Conference on Computer and Communications Security (CCS ’04).. ACM, New York.
Google Scholar
Snow, KZ, Monrose F, Davi L, Dmitrienko A, Liebchen C, Sadeghi A-R (2013) Just-in-time code reuse: On the effectiveness of fine-grained address space layout randomization In: IEEE Symposium on Security and Privacy (Oakland ’13).. IEEE, Berkeley.
Google Scholar
Song, C, Lee B, Lu K, Harris WR, Kim T, Lee W (2016) Enforcing kernel security invariants with data flow integrity In: Proceedings of the 2016 Network and Distributed System Security Symposium (NDSS ’16).. NDSS Symposium, San Diego.
Google Scholar
Song, C, Moon H, Alam M, Yun I, Lee B, Kim T, Lee W, Paek Y (2016) Hdfi: Hardware-assisted data-flow isolation In: Proceedings of IEEE Symposium on Security and Privacy (Oakland ’16).. NDSS Symposium, San Diego.
Google Scholar
Stanley, DM, Xu D, Spafford EH (2013) Improved kernel security through memory layout randomization In: International Performance Computing and Communications Conference (IPCCC ’13).. IEEE, San Diego.
Google Scholar
Team C (2009) Exploit writing tutorial part 6 : Bypassing stack cookies, safeseh, sehop, hw dep and aslr. https://www.corelan.be/index.php/2009/09/21/exploit-writing-tutorial-part-6-bypassing-stack-cookies-safeseh-hw-dep-and-aslr/.
The PaX Team (2003a) PaX non-executable pages design & implementation. http://pax.grsecurity.net/docs/noexec.txt.
The PaX Team (2003b) Pax address space layout randomization (ASLR). http://pax.grsecurity.net/docs/aslr.txt.
Wartell, R, Mohan V, Hamlen K, Lin Z (2012) Binary stirring: Self-randomizing instruction addresses of legacy x86 binary code In: ACM Conference on Computer and Communications Security (CCS ’12).. ACM, New York.
Google Scholar
Xin, Z, Chen H, Han H, Mao B, Xie L (2010) Misleading malware similarities analysis by automatic data structure obfuscation In: International Conference on Information Security (ISC ’10).. Springer-Verlag, Berlin.
Google Scholar
Zhang, Y, Juels A, Reiter MK, Ristenpart T (2012) Cross-vm side channels and their use to extract private keys In: ACM Conference on Computer and Communications Security (CCS ’12).. ACM, New York.
Google Scholar
Zhang, M, Sekar R (2013) Control flow integrity for cots binaries In: USENIX Conference on Security (Security ’13).. USENIX Association, San Diego.
Google Scholar