Hovav Shacham. “The geometry of innocent flesh on the bone:
return-into-libc without function calls (on the x86)”. In ACM
Conference on Computer and Communications Security (CCS), pages
552–561, Alexandria, VA, USA, October 2007.
[ACM]
Joshua Mason, Sam Small, Fabian Monrose, and Greg
MacManus. “English shellcode”. In ACM Conference on
Computer and Communications Security (CCS), pages 524–533,
Chicago, IL, USA, November 2009.
[ACM]
Question: When researchers work on attack techniques, as described in this class's papers, there can be countervailing pressures against the usual spirit of intellectual openness. For instance, the authors of the English Shellcode paper say (at the beginning of Section 6) that they intentionally choose not to include a complete shellcode example in their paper. By contrast, the ROP paper does include a complete example. What do you think of these respective decisions? They might have been motivated in part by other technical differences (for instance, an English shellcode example would be longer), but setting those aside, which course of action do you think was better?