Version v.002

lecture: Memory Corruption: Why We Can't Have Nice Things


Memory corruption plagues systems since the dawn of computing. With the
rise of defense techniques like stack cookies, ASLR, and DEP attacks
have become much more complicated, yet control-flow hijack attacks are
still prevalent. Attacks rely on code reuse, often leveraging some form
of information disclosure. Stronger defense mechanisms have been
proposed but none have seen wide deployment so far (i) due to the time
it takes to deploy a security mechanism, (ii) incompatibility with
specific features, and (iii) most severely due to performance overhead.
In this talk, we evaluate the security benefits and limitations of the
status quo and look into upcoming defense mechanisms and their attacks.
Control-Flow Integrity (CFI) and Code-Pointer Integrity (CPI) are two of
the hottest upcoming defense mechanisms. CFI guarantees that the runtime
control flow follows the statically determined control-flow graph. An
attacker may reuse any of the valid transitions at any control-flow
transfer. CPI on the other hand is a dynamic property that enforces
memory safety guarantees like bounds checks for code pointers by
separating code pointers from regular data. We will discuss differences
and advantages/disadvantages of both approaches, especially considering
their security guarantees and performance impacts, and look at
strategies to defend against other attack vectors.


Day: 2016-09-09
Start time: 15:15
Duration: 01:00
Room: Tesla



Click here to let us know how you liked this event.

Concurrent events