thanks for playing, it was neither :). you just shamed pretty much the entire academic CFI crowed.
1
I disagree on that part.
You assume things you cannot know, that is someone being aware of a specific work maliciously avoids citing it for whatever reasons. And additionally, as this went through peer review, that the reviewers were fine with this. [1/2]
2
i don't assume, i know for a fact that say @gannimo knew about RAP when he wrote some of his CFI related papers. now what? ;)
1
that and CFIXX, HEXTYPE, etc, where's the citation of my work in there? that CSUR paper added a few down-playing words about my early work and zero about RAP itself, never mind an actual evaluation. you could have asked me to help conduct the tests but you never did. why not?
2
1
2
CFIXX targets vtable pointer integrity for C++. HexType is a sanitizer for C++ type safety. Why should we cite your work there? You describe protecting returns through a set check and read-only code function pointers. We cited some CFI work but not everything.
2
1
for the same reason you cited the Abadi paper? pax-future.txt has all the basic ideas that i later implemented in RAP and predated the CFI paper by 2+ years..
3
miles ahead? maybe for academics who had been always behind the state of the art by a couple of years, but there was nothing new in there for me and other subject matter experts (you yourself should know better given how many times we discussed these topics at the sous bock ;).
1
1
such as optimizations, C++ support (chromium in 2014), xen, etc. all this was done in secret because of the patenting process which only finished recently, so i'm actually more free now to write publicly. we'll see how much time i can spare for this outside family&work. [n/n]
Dec 21, 2018 · 2:05 AM UTC
1
1