Replying to @halvarflake
infosec academia: solving problems no one had since 2004
Infosec academia found Spectre and Meltdown, built Nexmon, weaponized Rowhammer, ended MD5, and built more effective forks of AFL than I can count. Infosec academia is doing just fine.
Disagree on Spectre and Meltdown; Jann Horn and Paul Kocher were not infosec academia and were the first discoverers (academia reverse engineered from Linux changes); AFL forks: Not sure whether stringent evaluation will confirm the "more effective" claim. Agreed on Nexmon & RH.
I am not academia either.
So lots of bad papers come out of infosec academia, but certainly, there is a lot of good stuff coming from academia. With the exception of Spectre/Meltdown, the side channel space is completely dominated by academia. CFI started in academia. etc.
CFI didn't start in academia but with yours truly ;). Hint: pax-future.txt
I should have guessed that. Apologies.
While there were ideas to restrict control-flow before CFI, CFI was formalized and implemented in academia then iterated on several times. We try to explain the situation and give an overview in our survey: nebelwelt.net/publications/f…
As for 'formalized', it's wrong too; if you read and understand their model, it's basically a tautology (assumes a model in which control flow violations aren't possible, then "proves" it). btw, where's any mention of RAP (or FPValidator for that matter) in your 'survey'?
Also, we once tried to compare against RAP in a project but ran into compatibility issues and gave up in the end as it was not worth the effort compared to the (stronger?) LLVM-CFI/shadow stack combination.
What compatibility issues, and why did you never report anything to me? FWIW, the public version works with Linux fine; it's production quality.

Dec 12, 2018 · 9:51 PM UTC
