8. Academic Papers

8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)
8.2 Return-Oriented Programming without Returns
8.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms
8.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks
8.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks
8.7 What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses
8.9 Symbolic Execution for Software Testing: Three Decades Later
8.10 AEG: Automatic Exploit Generation
8.11 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Softwa
8.13 New Frontiers of Reverse Engineering
8.14 Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries
8.21 Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks
8.22 Practical Memory Checking With Dr. Memory
8.23 Evaluating the Effectiveness of Current Anti-ROP Defenses
8.24 How to Make ASLR Win the Clone Wars: Runtime Re-Randomization
8.25 (State of) The Art of War: Offensive Techniques in Binary Analysis
8.26 Driller: Augmenting Fuzzing Through Selective Symbolic Execution
8.27 Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware
8.28 Cross-Architecture Bug Search in Binary Executables
8.29 Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data
8.30 Preventing brute force attacks against stack canary protection on networking servers
8.33 Under-Constrained Symbolic Execution: Correctness Checking for Real Code
8.34 Enhancing Symbolic Execution with Veritesting
8.38 TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking
8.39 DART: Directed Automated Random Testing
8.40 EXE: Automatically Generating Inputs of Death
8.41 IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time
8.42 Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits
8.43 DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation
8.44 Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics
8.45 Ramblr: Making Reassembly Great Again
8.46 FreeGuard: A Faster Secure Heap Allocator
8.48 Reassembleable Disassembling