Infosec academia found Spectre and Meltdown, built Nexmon, weaponized Rowhammer, ended MD5, and built more effective forks of AFL than I can count. Infosec academia is doing just fine.
Disagree on Spectre and Meltdown; Jann Horn and Paul Kocher were not infosec academia and were the first discoverers (academia reverse engineered from Linux changes); AFL forks: Not sure whether stringent evaluation will confirm the "more effective" claim. Agreed on Nexmon & RH.
So lots of bad papers come out of infosec academia, but certainly, there is a lot of good stuff coming from academia. With the exception of Spectre/Meltdown, the side channel space is completely dominated by academia. CFI started in academia. etc.
While there were ideas to restrict control-flow before CFI, CFI was formalized and implemented in academia then iterated on several times. We try to explain the situation and give an overview in our survey: nebelwelt.net/publications/f…
Nope, I fully described the exploit techniques (one of which is handled by CFI) already at the time. It wasn't just 'ideas to restrict control flow', it was a full system that had already guided my work on PaX. A shame that academics have been trying to play this down ever since.
In web.archive.org/web/20070614… (oldest reference I could find) your proposed forward-edge protection makes code pointers read-only. This will reduce the attack surface by restricting targets for *some* pointers but leave many code pointers unprotected.
(I think pax.grsecurity.net/docs/ is a better reference.) There are 3 strategies outlined for control flow protection in there (read-only/type check/'encryption'), each exemplified with one kind of code ptr, but that doesn't mean they don't apply to the other kind.
Dec 12, 2018 · 9:40 PM UTC
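The three forward-edge strategies named in the last reply (read-only code pointers, a type check at the call site, and pointer 'encryption'), shown as a small added C illustration. This is not PaX or grsecurity code and is not taken from the thread; the type ids, the table of targets and the XOR secret are constructed values for this example only.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added illustration (not PaX code). Three forward-edge protections for
 * function pointers, mirroring the three strategies named in the thread:
 *   1. keep the pointer table read-only (const, so it lands in .rodata),
 *   2. check a type id at the call site before dispatching,
 *   3. store pointers XOR-"encrypted" with a per-process secret.
 * Type ids and the secret are constructed values for this example. */

typedef int (*int_fn)(int);

#define TYPE_ID_INT_INT   0x1001u   /* constructed id for int (*)(int)   */
#define TYPE_ID_VOID_VOID 0x2002u   /* constructed id for void (*)(void) */
#define CFI_REJECTED      (-1)      /* sentinel returned on a failed check */

struct tagged_fn {
    uint32_t type_id;   /* signature tag the call site must match */
    void (*raw)(void);  /* the target, stored as a generic function pointer */
};

static int twice(int x)  { return 2 * x; }
static int square(int x) { return x * x; }
static void noop(void)   { }

/* Strategy 1: the table of valid targets is const, so a memory-corruption
 * write cannot retarget an entry without first defeating page protection. */
static const struct tagged_fn target_table[] = {
    { TYPE_ID_INT_INT,   (void (*)(void))twice  },
    { TYPE_ID_INT_INT,   (void (*)(void))square },
    { TYPE_ID_VOID_VOID, (void (*)(void))noop   },
};

#define TARGET_COUNT (sizeof target_table / sizeof target_table[0])

/* Strategy 2: a call site expecting int (*)(int) refuses any entry whose
 * recorded type id differs, even though the entry is a "valid" function. */
int dispatch_allowed(size_t idx)
{
    return idx < TARGET_COUNT && target_table[idx].type_id == TYPE_ID_INT_INT;
}

int checked_call_int(size_t idx, int arg)
{
    if (!dispatch_allowed(idx))
        return CFI_REJECTED;
    int_fn f = (int_fn)target_table[idx].raw;
    return f(arg);
}

/* Strategy 3: pointer "encryption". A corrupted stored value decodes to an
 * address the attacker does not control, since they lack the secret.
 * The secret is a constructed constant here; a real scheme would draw it
 * per process at startup and keep it out of attacker-readable memory. */
static const uintptr_t ptr_secret = (uintptr_t)0x5A5A1234C0FFEEull;

uintptr_t encode_ptr(void (*p)(void)) { return (uintptr_t)p ^ ptr_secret; }
void (*decode_ptr(uintptr_t v))(void) { return (void (*)(void))(v ^ ptr_secret); }

/* Round-trip check: 1 if encode/decode restores the original pointer. */
int encode_roundtrip_ok(void)
{
    return decode_ptr(encode_ptr((void (*)(void))twice)) == (void (*)(void))twice;
}

int main(void)
{
    printf("checked_call_int(0, 3) = %d\n", checked_call_int(0, 3));   /* 6 */
    printf("checked_call_int(2, 3) = %d\n", checked_call_int(2, 3));   /* -1, type mismatch */
    printf("checked_call_int(9, 3) = %d\n", checked_call_int(9, 3));   /* -1, out of table */
    printf("encode/decode roundtrip ok = %d\n", encode_roundtrip_ok()); /* 1 */
    return 0;
}
```

The point the example makes is the one the reply makes: the three mechanisms are independent of which kind of code pointer they guard. The const table protects the storage, the type id restricts which targets a given call site may reach, and the XOR masking makes a blind overwrite land on an address the writer cannot choose. None of them is tied to a particular pointer kind.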