-
Accepted Paper at IEEE S&P '23
Our paper Control Flow and Pointer Integrity Enforcement in a Secure Tagged Architecture by Ravi Theja Gollapudi, Gokturk Yuksek, David Demicco, Matthew Cole, Gaurav Kothari Rohit Kulkarni, Xin Zhang, Kanad Ghose, Aravind Prakash and Zerksis Umrigar has been accepted at 44th IEEE Symposium on Security and Privacy (IEEE S&P 2023). I’m particularly proud of this work, as it’s the culmination of over five years of work under the DARPA System Security Integration Through Hardware and Firmware (SSITH) Program to provide secure architectures for systems that are essential to modern life.
-
Accepted Paper at WDFHC '22
Our paper A Security Analysis of Labeling-Based Control-Flow Integrity Schemes by David Demicco, Matthew Cole, Shengdun Wang and Aravind Prakash has been accepted at Workshop on Data Fabric for Hybrid Cloud 2022 (WDFHC ‘22).
-
Accepted Paper at NordSec '22
Our paper Simplex: Repurposing Intel Memory Protection Extensions for Secure Storage by Matthew Cole and Aravind Prakash has been accepted at Nordic Conference on Secure IT Systems (NordSec ‘22). The acceptance rate was 22.5%.
-
Building LLVM for RISC-V Cross Compilation
So you want to build software for the RISC-V architecture (I’m playing with the Open ISA Vega RV32M1 development board)? Great, you’ll need a compiler. Although GCC officially supports you, with full upstream support as of GCC 7.1 and binutils 2.28, if you’re interested in hacking the compiler before building software, you’ve probably chosen LLVM. In that case, you’ll need a bit more effort to get LLVM to build as a cross-compiler.
-
Building SPEC CPU2017 Sandboxes
You may want to build a sandbox if one or more of these sound familiar:
- You want to build recognizable, representative binaries instead of toy programs for experimentation, but you also don’t want the overhead of the actual SPEC CPU2017 benchmark suite, nor a script to manage the binaries’ execution.
- You want to modify the source code of the benchmarks without corrupting the SPEC CPU2017 source tree. Modifying the source code is allowed if you use the
strict_rundir_verify=no
option in your configuration file, or if you create a modified installation of the benchmark using theconvert_to_development
utility. But an easier option is to create sandboxes for each benchmark program you wish to investigate, and it doesn’t corrupt the source tree if you’re reusing it with other experiments. - You want to modify the options or inputs provided to the benchmarks to investigate how the benchmark binaries respond.
-
Source Code Analysis for Design Patterns
Design pattern extraction tools analyze source code and attempt to match the code to a collection of specimen design patterns. We reviewed tools announced by peer-reviewed literature, and found that the existing tools are unsatisfactory for use by modern C++ developers and analysts.
-
Accepted Paper at ACSAC '17
Our paper Supplementing Modern Software Defenses with Stack-Pointer Sanity by Anh Quach, Matthew Cole and Aravind Prakash has been accepted at ACSAC ‘17. The acceptance rate was 19.7%.