On current systems, programs are written in low-level languages like C or C++, which are prone to memory corruption errors. Such vulnerabilities are used to compromise the integrity and confidentiality of running systems, to execute attacker-controlled code, and to exfiltrate sensitive data. While finding and fixing bugs is important, some bugs will very likely remain. Our research focuses on making systems resilient against attack vectors in the presence of unpatched vulnerabilities. By leveraging compiler-based and binary-translation-based tools, we enforce additional security policies on the running software to guarantee the integrity, confidentiality, and availability of systems.
The implementation prototypes of all published papers are available as open source on the HexHive GitHub page. We welcome any feedback and comments, but be aware that these are research prototypes, not production-ready software.