Exploitation Techniques for Data-oriented Attacks with Existing and Potential Defense Approaches

2021, Vol 24 (4), pp. 1-36
Author(s): Long Cheng, Salman Ahmed, Hans Liljestrand, Thomas Nyman, Haipeng Cai, ...

Data-oriented attacks manipulate non-control data to alter a program’s benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of control-flow defense mechanisms. However, these threats have not been adequately addressed. In this survey article, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and Block-Oriented Programming (BOP) attacks, to their assumptions/requirements and attack capabilities. Then, we compare known defenses against these attacks, in terms of approach, detection capabilities, overhead, and compatibility. It is generally believed that control flows may not be useful for data-oriented security. However, data-oriented attacks (especially DOP attacks) may generate side effects on control-flow behaviors in multiple dimensions (i.e., incompatible branch behaviors and frequency anomalies). We also characterize control-flow anomalies caused by data-oriented attacks. In the end, we discuss challenges for building deployable data-oriented defenses and open research questions.

Author(s): Akrati Saxena, Harita Reddy

Online informal learning and knowledge-sharing platforms, such as Stack Exchange, Reddit, and Wikipedia have been a great source of learning. Millions of people access these websites to ask questions, answer the questions, view answers, or check facts. However, one interesting question that has always attracted the researchers is if all the users share equally on these portals, and if not then how the contribution varies across users, and how it is distributed? Do different users focus on different kinds of activities and play specific roles? In this work, we present a survey of users’ social roles that have been identified on online discussion and Q&A platforms including Usenet newsgroups, Reddit, Stack Exchange, and MOOC forums, as well as on crowdsourced encyclopedias, such as Wikipedia, and Baidu Baike, where users interact with each other through talk pages. We discuss the state of the art on capturing the variety of users’ roles through different methods including the construction of user network, analysis of content posted by users, temporal analysis of user activity, posting frequency, and so on. We also discuss the available datasets and APIs to collect the data from these platforms for further research. The survey is concluded with open research questions.


Author(s): Pengfei Qiu, Yongqiang Lyu, Jiliang Zhang, Dongsheng Wang, Gang Qu

Author(s): Paul Muntean, Matthias Neumayer, Zhiqiang Lin, Gang Tan, Jens Grossklags, ...

Author(s): Christine Bismuth, Bernd Hansjürgens, Timothy Moss, Sebastian Hoechstetter, Klement Tockner, ...

2021, Vol 5 (OOPSLA), pp. 1-30
Author(s): Son Tuan Vu, Albert Cohen, Arnaud De Grandmaison, Christophe Guillon, Karine Heydemann

Software protections against side-channel and physical attacks are essential to the development of secure applications. Such protections are meaningful at machine code or micro-architectural level, but they typically do not carry observable semantics at source level. This renders them susceptible to miscompilation, and security engineers embed input/output side-effects to prevent optimizing compilers from altering them. Yet these side-effects are error-prone and compiler-dependent. The current practice involves analyzing the generated machine code to make sure security or privacy properties are still enforced. These side-effects may also be too expensive in fine-grained protections such as control-flow integrity. We introduce observations of the program state that are intrinsic to the correct execution of security protections, along with means to specify and preserve observations across the compilation flow. Such observations complement the input/output semantics-preservation contract of compilers. We introduce an opacification mechanism to preserve and enforce a partial ordering of observations. This approach is compatible with a production compiler and does not incur any modification to its optimization passes. We validate the effectiveness and performance of our approach on a range of benchmarks, expressing the secure compilation of these applications in terms of observations to be made at specific program points.


2019, Vol 18 (1), pp. 1-23
Author(s): Lars Magnus Hvattum

The increasing availability of data from sports events has led to many new directions of research, and sports analytics can play a role in making better decisions both within a club and at the level of an individual player. The ability to objectively evaluate individual players in team sports is one aspect that may enable better decision making, but such evaluations are not straightforward to obtain. One class of ratings for individual players in team sports, known as plus-minus ratings, attempt to distribute credit for the performance of a team onto the players of that team. Such ratings have a long history, going back at least to the 1950s, but in recent years research on advanced versions of plus-minus ratings has increased noticeably. This paper presents a comprehensive review of contributions to plus-minus ratings in later years, pointing out some key developments and showing the richness of the mathematical models developed. One conclusion is that the literature on plus-minus ratings is quite fragmented, but that awareness of past contributions to the field should allow researchers to focus on some of the many open research questions related to the evaluation of individual players in team sports.


Author(s): Paul Muntean, Matthias Fischer, Gang Tan, Zhiqiang Lin, Jens Grossklags, ...
