Jens Knoop, Uwe Zdun (Hrsg.): Software Engineering 2016, Lecture Notes in Informatics (LNI), Gesellschaft f¨ur Informatik, BonnLearning how to prevent return-oriented programming efficiently David Pfaff 1 Sebas

Source URL: subs.emis.de

Q: Exploit Hardening Made Easy Edward J. Schwartz, Thanassis Avgerinos and David Brumley Carnegie Mellon University, Pittsburgh, PA {edmcman, thanassis, dbrumley}@cmu.edu

Source URL: users.ece.cmu.edu

• Computing
• Computer security
• Software bugs
• Address space layout randomization
• Gadget
• Buffer overflow
• Return-to-libc attack
• Shellcode
• Instruction selection
• Position-independent code
• NOP
• Return-oriented programming

PSHAPE: Automatically Combining Gadgets for Arbitrary Method Execution Andreas Follner1 , Alexandre Bartel1 , Hui Peng2 , Yu-Chen Chang2 , Kyriakos Ispoglou2 , Mathias Payer2 , and Eric Bodden3 1

Source URL: hexhive.github.io

• Software
• Computing
• Return-oriented programming
• Gadget
• Microsoft Gadgets
• Calling convention
• Assembly language
• Blind return oriented programming

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGYFallQuiz I Solutions

Source URL: css.csail.mit.edu

• Computing
• Software engineering
• Computer programming
• Software bugs
• X86 architecture
• Buffer overflow
• Computer memory
• X86-64
• Return-to-libc attack
• X86
• Return-oriented programming
• NX bit

doi:The idea is to identify security-critical software bugs so they can be fixed first. By Thanassis Avgerinos, Sang Kil Cha, Alexandre Rebert, Edward J. Schwartz, Maverick Woo, and David Brumle

Source URL: users.ece.cmu.edu

• Computer security
• Computing
• Cyberwarfare
• Software bugs
• Computer errors
• Shellcode
• Buffer overflow
• Return-oriented programming
• Heap overflow
• Address space layout randomization
• Symbolic execution
• Exploit

2015 IEEE Trustcom/BigDataSE/ISPA Loop-Oriented Programming: A New Code Reuse Attack to Bypass Modern Defenses Bingchen Lan, Yan Li, Hao Sun, Chao Su, Yao Liu, Qingkai Zeng

Source URL: www.sec.in.tum.de

• Software engineering
• Computer programming
• Computing
• Subroutines
• Computer security
• Software bugs
• Memory management
• Return-oriented programming
• Control-flow integrity
• Control flow
• Call stack
• Gadget

Moving Target Techniques: Leveraging Uncertainty for Cyber Defense Hamed Okhravi, William W. Streilein, and Kevin S. Bauer Cyber moving target techniques involve

Source URL: www.ll.mit.edu

• Cybercrime
• E-commerce
• Cyberwarfare
• Computer network security
• Address space layout randomization
• Return-oriented programming
• PaX
• Computer security
• Exploit
• Timing attack
• Side-channel attack
• Phishing

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGYFallQuiz I Solutions

Source URL: css.csail.mit.edu

• Software bugs
• Buffer overflow protection
• Buffer overflow
• Return-to-libc attack
• Stack
• Subroutine
• C standard library
• Stack buffer overflow
• Return-oriented programming

CFIMon: Detecting Violation of Control Flow Integrity using Performance Counters Yubin Xia† ‡, Yutao Liu† ‡, Haibo Chen†, Binyu Zang‡ †Institute of Parallel and Distributed Systems, Shanghai Jiao Tong Unive

Source URL: ipads.se.sjtu.edu.cn

• Central processing unit
• Machine code
• Software bugs
• Return-oriented programming
• Computer memory
• Instruction set architectures
• Buffer overflow protection
• Self-modifying code
• Subroutine
• Stack
• Return-to-libc attack
• Instruction set

String Oriented Programming: When ASLR is not Enough Mathias Payer Thomas R. Gross Department of Computer Science

Source URL: hexhive.github.io

• Computing
• Computer security
• Software
• Software bugs
• C standard library
• Address space layout randomization
• Return-oriented programming
• Stack buffer overflow
• Return-to-libc attack
• Buffer overflow
• PaX
• Uncontrolled format string