Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, and Zhiqiang
Lin. “Securing untrusted code via compiler-agnostic binary
rewriting”. In Annual Computer Security Applications
Conference (ACSAC), pages 299–308, Orlando, FL, USA,
December 2012.
[ACM]
Presentation slides about this paper are here (PDF).
Dinakar Dhurjati, Sumant Kowshik, and Vikram Adve. “SAFECode:
enforcing alias analysis for weakly typed languages”. In
Programming Language Design and Implementation (PLDI), pages
144–157, Ottawa, ON, CA, June 2006.
[ACM]
Question: In Section 6.1, Wartell et al. (the first reading) argue that "[a] connection to source code is foundational to CFI ... [w]ithout source code, there is no sensible definition of control-flow integrity". What do you think of this claim?
Susanta Nanda, Wei Li, Lap-Chung Lam, and Tzi-cker
Chiueh. “BIRD: Binary interpretation using runtime
disassembly”. In Code Generation and Optimization (CGO),
pages 358–370, March 2006.
[IEEE]
A somewhat older paper on binary rewriting. One point to note is the difficulty it highlights of disassembling x86 binaries on Windows.
Periklis Akritidis, Cristian Cadar, Costin Raiciu, Manuel Costa, and
Miguel Castro. “Preventing memory error exploits with
WIT”. In IEEE Symposium on Security and Privacy
“Oakland”, pages 263–277, Oakland, CA, USA, May
2008.
[IEEE]
This paper, by comparison, builds a more precise kind of memory access checking (suitable, for instance, for addressing non-control-data attacks) on top of a CFI-like scheme.