In the face of widespread DEP and ASLR deployment, JIT spraying brings together the best of code injection and code reuse attacks to defeat both defenses. However, to date, JIT spraying has been an x86-only attack thanks to its reliance on variable-length, unaligned instructions. In this paper, we finally extend JIT spraying to a RISC architecture by introducing a novel technique called gadget ...

Spraying is a common payload delivery technique used by attackers to execute arbitrary code in presence of Address Space Layout Randomisation (ASLR). In this paper we present Graffiti, an efficient hypervisorbased memory analysis framework for the detection and prevention of spraying attacks. Compared with previous solutions, our system is the first to offer an efficient, complete, extensible, ...

With the discovery of new exploit techniques, novel protection mechanisms are needed as well. Mitigations like DEP (Data Execution Prevention) or ASLR (Address Space Layout Randomization) created a significantly more difficult environment for exploitation. Attackers, however, have recently researched new exploitation methods which are capable of bypassing the operating system’s memory mitigatio...

a r t i c l e i n f o We introduce a new computational phonetic modeling framework for sign language (SL) recognition. This is based on dynamic–static statistical subunits and provides sequentiality in an unsupervised manner, without prior linguistic information. Subunit " sequentiality " refers to the decomposition of signs into two types of parts, varying and non-varying, that are sequentiall...

Control-flow integrity (CFI) is considered a principled mitigation against control-flow hijacking even under the most powerful attacker who can arbitrarily write and read memory. However, existing schemes still demonstrated limitations in either guaranteeing high security level or achieving low performance memory overhead. These have restricted application of CFI real software. To improve its a...

An operating system kernel uses cryptographically secure pseudorandom number generator (CSPRNG) for creating address space layout randomization (ASLR) offsets to protect memory addresses of processes from exploitation, storing users’ passwords securely and cryptographic keys. However, at present, popular CSPRNGs such as Yarrow, Fortuna /dev/(u)random which are used by MacOS/iOS/FreeBSD, Windows...

Abstract Purpose The goal of this study is to see if there's a predictive relationship between diastasis rectus abdominis and pelvic floor dysfunction, sacroiliac joint postpartum women's health-related quality life. Method This cross-sectional, correlative focused on 32 mothers aged 18 45 years old. Real Ultrasound Sonographic Imaging (RUSI) was used determine DRA. Pelvic Floor Disability Inde...

Despite the fact that protection mechanisms like StackGuard, ASLR and NX are widespread, the development on new defense strategies against stack-based buffer overflows has not yet come to an end. In this article, we present a novel compiler-level protection called SCADS: Separated Control and Data Stacks that protects return addresses and saved frame pointers on a separate stack, called the con...

Memory deduplication improves the utilization of physical memory by sharing identical blocks of data. Although memory deduplication is most effective when many virtual machines with same operating systems run on a CPU, cross-user memory deduplication is a covert channel and causes serious memory disclosure attack. It reveals the existence of an application or file on another virtual machine. Th...

Many applications can benefit from isolating sensitive data in a secure library. Examples include protecting cryptographic keys behind a narrow cryptography API to defend against vulnerabilities like OpenSSL’s Heartbleed bug. When such a library is called relatively infrequently, page-based hardware isolation can be used, because the cost of kernel-mediated domain switching is tolerable. Howeve...