
| Field | Value | Language |
| --- | --- | --- |
| dc.contributor.author | Payer, Mathias | |
| dc.date.accessioned | 2017-09-27T18:17:57Z | |
| dc.date.available | 2017-09-27T18:17:57Z | |
| dc.date.issued | 2017-09-08 | |
| dc.identifier.uri | http://hdl.handle.net/1853/58790 | |
| dc.description | Presented on September 8, 2017 at 12:00 p.m. in the Klaus Advanced Computing Building, Room 1116W. | en_US |
| dc.description | Mathias Payer is a security researcher and an assistant professor in computer science at Purdue University, leading the HexHive group. His research focuses on protecting applications even in the presence of vulnerabilities, with a focus on memory corruption. He is interested in system security, binary exploitation, software-based fault isolation, binary translation/recompilation, and virtualization. | en_US |
| dc.description | Runtime: 56:16 minutes | en_US |
| dc.description.abstract | Memory corruption has plagued systems since the dawn of computing. With the rise of defense techniques (such as stack cookies, ASLR, and DEP), attacks have become much more complicated, yet control-flow hijack attacks are still prevalent. Attacks rely on code reuse, often leveraging some form of information disclosure. Stronger defense mechanisms have been proposed, but none have seen wide deployment so far due to the time it takes to deploy a security mechanism, the incompatibility with systems/software, and, most severely, performance overhead. In this talk, we evaluate the security benefits and limitations of the status quo and look into upcoming defense mechanisms (and their attacks). Control-Flow Integrity (CFI) and Code-Pointer Integrity (CPI) are two of the hottest upcoming defense mechanisms. CFI guarantees that the runtime control flow follows the statically determined control-flow graph. An attacker may reuse any of the valid transitions at any control-flow transfer. CPI, on the other hand, is a dynamic property that enforces memory safety and guarantees the integrity of code pointers by separating code pointers from regular data. We will discuss differences and advantages/disadvantages of both approaches, especially considering their security guarantees and performance impacts, and look at strategies to defend against other attack vectors like type confusion. | en_US |
| dc.format.extent | 56:16 minutes | |
| dc.language.iso | en_US | en_US |
| dc.publisher | Georgia Institute of Technology | en_US |
| dc.relation.ispartofseries | Cybersecurity Lecture Series | en_US |
| dc.subject | Code-Pointer Integrity (CPI) | en_US |
| dc.subject | Control-Flow Integrity (CFI) | en_US |
| dc.subject | Data integrity | en_US |
| dc.subject | Memory corruption | en_US |
| dc.title | Why Memory Corruption is Hard | en_US |
| dc.type | Lecture | en_US |
| dc.type | Video | en_US |
| dc.contributor.corporatename | Georgia Institute of Technology. Institute for Information Security & Privacy | en_US |
| dc.contributor.corporatename | Purdue University. Dept. of Computer Science | en_US |

