Hacking Data-Flow for Turing-Complete Attacks
Control-flow hijacking attacks that exploit memory errors are becoming more and more difficult as targeted defense mechanisms gain wide deployment. As an alternative, non-control data attacks do not require diverting the application’s control flow, and thus can bypass existing advanced defense mechanisms. Although it is known that such data-oriented attacks can cause significant damage, their real expressiveness remains unclear. In this talk, Dr. Hu will first present data-flow stitching, a systematic method to build data-oriented attacks. Instead of corrupting individual data inside the program, data-flow stitching breaks existing data-flows and connects the fragments in a malicious manner, thus enabling systematic construction. Dr. Hu will then propose data-oriented programming, a novel method to build expressive data-oriented attacks, even Turing-complete attacks. Finally, Dr. Hu will show data-oriented attacks against Chromium that bypass the fundamental same-origin policy (SOP).