Memory management

ACTOR: Action-Guided Kernel Fuzzing

Fuzzing reliably and efficiently finds bugs in software, including operating system kernels. In general, higher code coverage leads to the discovery of more bugs. This is why most existing kernel fuzzers adopt strategies to generate a series of inputs that ...

Usenix Assoc2023

Thwarting Malicious Adversaries in Homomorphic Encryption Pipelines

Sylvain Chatel

Homomorphic Encryption (HE) enables computations to be executed directly on encrypted data. As such, it is an auspicious solution for protecting the confidentiality of sensitive data without impeding its usability. However, HE does not provide any guarant ...

EPFL2023

mu RAI: Securing Embedded Systems with Return Address Integrity

Mathias Josef Payer

Embedded systems are deployed in security critical environments and have become a prominent target for remote attacks. Microcontroller-based systems (MCUS) are particularly vulnerable due to a combination of limited resources and low level programming whic ...

INTERNET SOC2020

SpecROP: Speculative Exploitation of ROP Chains

Mathias Josef Payer, Atri Bhattacharyya, Andrés Sánchez Marín

Speculative execution attacks, such as Spectre, reuse code from the victim’s binary to access and leak secret information during speculative execution. Every variant of the attack requires very particular code sequences, necessitating elaborate gadget-sear ...

2020

SoK: Shining Light on Shadow Stacks

Mathias Josef Payer, Xiangyu Zhang

Control-Flow Hijacking attacks are the dominant attack vector against C/C++ programs. Control-Flow Integrity (CFI) solutions mitigate these attacks on the forward edge, i.e., indirect calls through function pointers and virtual calls. Protecting the backwa ...

IEEE COMPUTER SOC2019

Block Oriented Programming: Automating Data-Only Attacks

Mathias Josef Payer

With the widespread deployment of Control-Flow Integrity (CFI), control-flow hijacking attacks, and consequently code reuse attacks, are significantly more difficult. CFI limits control flow to well-known locations, severely restricting arbitrary code exec ...

ASSOC COMPUTING MACHINERY2018

Unified prefetching into instruction cache and branch target buffer

Babak Falsafi, Boris Robert Grot, Ilknur Cansu Kaynak

A system and method of coupling a Branch Target Buffer (BTB) content of a BTB with an instruction cache content of an instruction cache. The method includes: tagging a plurality of target buffer entries that belong to branches within a same instruction blo ...

2017

Near-optimal Deployment of Dataflow Applications on Many-core Platforms with Real-time Guarantees

Alena Simalatsar, Stefanos Skalistis

Safe and optimal deployment of data-streaming applications on many-core platforms requires the realistic estimation of task Worst-Case Execution Time (WCET). On the other hand, task WCET depends on the deployment solution, due to the varying number of inte ...

IEEE2017

Buffer overlow vulnerabilities in CUDA: a preliminary analysis

Andrea Miele

We present a preliminary study of buffer overflow vulnerabilities in CUDA software running on GPUs. We show how an attacker can overrun a buffer to corrupt sensitive data or steer the execution flow by overwriting function pointers, e.g., manipulating the ...

Springer France2015

Asynchronous memory access chaining

Babak Falsafi, Boris Robert Grot, Yusuf Onur Koçberber

In-memory databases rely on pointer-intensive data structures to quickly locate data in memory. A single lookup operation in such data structures often exhibits long-latency memory stalls due to dependent pointer dereferences. Hiding the memory latency by ...

2015