Selected Publications

We provide a systematic overview of sanitizers with an emphasis on their role in finding security issues.
To appear in SP 2019, 2018

In this paper, we first significantly improve and simplify the COOP attack. Based on a strong adversarial model, we then present the design and implementation of a comprehensive code-reuse defense which is resilient against reuse of dynamically-bound functions.
In CCS, 2015

In this paper we show how to exploit heap-based vulnerabilities to control the stack contents including security-critical values used to validate control-flow transfers. Our investigation shows that although program analysis and compiler-based mitigations reduce stack-based vulnerabilities, stack-based memory corruption remains an open problem.
In CCS, 2015

In this paper, we address the deficiencies of existing solutions and present the first practical, fine-grained code randomization defense, called Readactor, resilient to both static and dynamic ROP attacks.
In SP, 2015

We show that an attacker can accurately identify protected code pointers of interest and mount code-reuse attacks at the abstraction level of pointers without requiring any knowledge of code addresses. We analyze the prevalence of opportunities for such attacks in popular code bases and build three real-world exploits against Nginx and Apache to demonstrate their practicality.
In NDSS, 2015

Opaque CFI (O-CFI) is the first exploit mitigation technique that resists this latest wave of attacks against fine-grained code randomization. By combining fine-grained code-randomization with coarse-grained integrity checks, it conceals the graph of hijackable control-flow edges even from attackers who can view the complete stack, heap, and binary code of the victim process.
In NDSS, 2015

In this paper, we systematically study the state-of-the-art in software diversity and highlight fundamental trade-offs between fully automated approaches.
In SP, 2014

Just-in-time compilers (JITs) are here to stay. Unfortunately, they also provide new capabilities to cyber attackers, namely the ability to supply input programs (in languages such as JavaScript) that will then be compiled to executable code. Once this code is placed and marked as executable, it can then be leveraged by the attacker. Randomization techniques such as constant blinding raise the cost to the attacker, but they significantly add to the burden of implementing a JIT. There are a great many JITs in use today, but not even all of the most commonly used ones randomize their outputs.
In CCS, 2013

We use profile-guided optimization to reduce the performance overhead of software diversity. The primary insight is that we are free to diversify cold code, but restrict our diversification efforts in hot code.
In CGO, 0001