“…In other words, CodeArmor's design probabilistically ensures that only "live" code pointers that can be leaked from data memory can be used (as-is) as individual gadgets by attackers, significantly reducing the attack surface. Unlike existing leakage-resistant code diversification techniques that provide similar security guarantees [43], [42], [27], [30], [83], [91], [64], [10], [9], [18], CodeArmor works entirely at the binary level without any need for source, special hardware support, or modifications to the underlying software stack (i.e., OS or hypervisor).…”