Show simple item record

dc.contributor.authorBurow, Nathan
dc.date.accessioned2018-09-28T14:52:46Z
dc.date.available2018-09-28T14:52:46Z
dc.date.issued2018-09-21
dc.identifier.urihttp://hdl.handle.net/1853/60451
dc.descriptionPresented on September 21, 2018 at 12:00 p.m. in the Engineered Biosystems Building, Room 1005.en_US
dc.descriptionNathan Burow is a post-doctoral researcher at Purdue University under Dr. Mathias Payer. His research interests lie in compiler technologies to mitigate control-flow hijacking attacks. In particular, he is interested in memory safety and policies, such as CFI, that attempt to prevent exploits without preventing memory safety violations. Burrow was a founding member and the first president of Purdue’s "B01lers" capture-the-flag hacking team.en_US
dc.descriptionRuntime: 43:14 minutesen_US
dc.description.abstractDespite over 20 years of research, control-flow hijacking attacks remain the most significant threat to software security. Attackers exploit C/C++ lack of memory and type safety to corrupt code-pointers, thereby hijacking application control flow and redirecting it to locations of their choice. Control-flow hijacking through code-pointer corruption lies at the heart of modern code-reuse attacks such as return-oriented programming (ROP). The state-of-the-art defense against these attacks is Control-Flow Integrity (CFI), which limits attackers to a set of targets based on a static computation of the program’s control-flow graph (CFG). Computing the CFG relies on alias analysis, which is fundamentally over-approximated, leaving attackers sufficient freedom to exploit software. Further, deployed CFI implementations do not protect return instructions and so do not mitigate ROP. This talk will focus on recent advancements by myself and the HexHive group at Purdue in addressing both the precision of control-flow hijacking defenses and also protecting returns. For precision, we observe that C++ virtual calls have their targets uniquely determined by the underlying object’s class. Consequently, we introduce a new policy called Object Type Integrity (OTI) that dynamically tracks the class (type) of every object, thereby protecting virtual calls. OTI is significantly more precise than CFI on real-world applications such as browsers, allowing only one target for virtual calls as opposed to a set of up to 100. Returns are best protected by shadow stacks, which mirror the return addresses in a protected memory region. We comprehensively evaluate the design and performance of all existing shadow stack mechanisms, allowing us to identify two new shadow stack mechanisms and recommend a design for deployment.en_US
dc.format.extent43:14 minutes
dc.language.isoen_USen_US
dc.publisherGeorgia Institute of Technologyen_US
dc.relation.ispartofseriesCybersecurity Lecture Seriesen_US
dc.subjectControl-flow hijackingen_US
dc.subjectControl-flow integrityen_US
dc.subjectObject type integrityen_US
dc.subjectShadow stacksen_US
dc.titleNew Perspectives on Control-Flow Hijacking Mitigationen_US
dc.typeLectureen_US
dc.typeVideoen_US
dc.contributor.corporatenameGeorgia Institute of Technology. Institute for Information Security & Privacyen_US
dc.contributor.corporatenamePurdue University. Center for Education and Research in Information Assurance and Securityen_US


Files in this item

Thumbnail
Thumbnail
Thumbnail
Thumbnail

This item appears in the following Collection(s)

Show simple item record