Car-to-X communication stands for the communication of di↵erent vehicles (vehicle-to-vehicle) as well as for the communication of vehicles and infrastructure (vehicle-to-infrastructure). The development of these technologies promotes the emergence of new car infotainment and telematic services of added value for users. The side e↵ect is the exposure of vehicles to a number of new threats, such ...

Use-after-free vulnerabilities exploiting so-called dangling pointers to deallocated objects are just as dangerous as buffer overflows: they may enable arbitrary code execution. Unfortunately, state-of-the-art defenses against use-after-free vulnerabilities require compiler support, pervasive source code modifications, or incur high performance overheads. This paper presents and evaluates Cling...

Attack techniques based on code reuse continue to enable real-world exploits bypassing all current mitigations. Code randomization defenses greatly improve resilience against code reuse. Unfortunately, sophisticated modern attacks such as JITROP can circumvent randomization by discovering the actual code layout on the target and relocating the attack payload on the fly. Hence, effective code ra...

In the Object-Oriented approach a designer can, given an existing base class, use inheritance to build a derived class that extends, or that slightly differs from the base class. But in order to exploit the full potential of inheritance to build systems incrementally, the designer must also be able to reason about the derived class incrementally. This paper presents a specification notation and...

Securing cyber-physical systems (CPS) against malicious attacks is of paramount importance because these may cause irreparable damages to physical systems. Recent studies have revealed that control programs running on CPS devices suffer from both control-oriented (e.g., code-injection or code-reuse attacks) and data-oriented non-control data attacks). Unfortunately, existing detection mechanism...

Recently, code reuse attacks (CRAs), such as returnoriented programming (ROP) and jump-oriented programming (JOP), have emerged as a new class of ingenious security threatens. Attackers can utilize CRAs to hijack the control flow of programs to perform malicious actions without injecting any codes. Many defenses, classed into software-based and hardwarebased, have been proposed. However, softwa...

Code reuse is a form of knowledge reuse in software development, which is fundamental to innovation in many fields. Yet, to date, there has been no systematic investigation of code reuse in open source software projects. This study uses quantitative and qualitative data gathered from a sample of six open source software projects to explore two sets of research questions derived from the literat...

Control Flow Integrity (CFI) is one of the most promising technique to defend Code-Reuse Attacks (CRAs). Traditional CFI Systems and recent Context-Sensitive CFI use coarse control flow graphs (CFGs) to analyze whether the control flow hijack occurs, left vast space for attackers at indirect call-sites. Coarse CFGs make it difficult to decide which target to execute at indirect control-flow tra...

Memory corruption attacks such as code injection, reuse, and non-control data have become widely popular for compromising safety-critical Cyber–Physical Systems (CPS). Moving target defense (MTD) techniques instruction set randomization (ISR), address space (ASR), (DSR) can be used to protect systems against attacks. CPS often use time-triggered architectures guarantee predictable reliable oper...