infosec academia: solving problems no one had since 2004

Infosec academia found Spectre and Meltdown, built Nexmon, weaponized Rowhammer, ended MD5, and built more effective forks of AFL than I can count. Infosec academia is doing just fine.

Disagree on Spectre and Meltdown; Jann Horn and Paul Kocher were not infosec academia and were the first discoverers (academia reverse engineered from Linux changes); AFL forks: Not sure whether stringent evaluation will confirm the "more effective" claim. Agreed on Nexmon & RH.

I am not academia either.

So lots of bad papers come out of infosec academia, but certainly, there is a lot of good stuff coming from academia. With the exception of Spectre/Meltdown, the side channel space is completely dominated by academia. CFI started in academia. etc.

CFI didn't start in academia but with yours truly ;). hint: pax-future.txt

I should have guessed that. Apologies.

While there were ideas to restrict control-flow before CFI, CFI was formalized and implemented in academia then iterated on several times. We try to explain the situation and give an overview in our survey: nebelwelt.net/publications/f…

as for 'formalized', it's wrong too, if you read and understand their model, it's basically a tautology (assumes a model in which control flow violations aren't possible then "proves" it). btw, where's any mention of RAP (or FPValidator for that matter) in your 'survey'?

I invite you to write up what RAP does so that we have a clear description that can be used to compare it to other work. As is, the presentation is too sparse for a clear cut comparison. We could fuzzy cite it but then you'll not be happy either.