COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. |
University of Cambridge > Talks.cam > Computer Laboratory Security Seminar > On the power of techniques for defeating code reuse attacks + some retrospective reflection on the DARPA CRASH program
On the power of techniques for defeating code reuse attacks + some retrospective reflection on the DARPA CRASH programAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Laurent Simon. Abstract: Code reuse attacks (Return Oriented Programming, etc) have become one the key tools in the arsenal of attackers who are retrying to subvert remote systems through technical means. A new defensive technique, called Code Pointer Integrity, or CPI was proposed this past summer. It has the attractive property of being implemented wholly in software, seeming to offer broad coverage against code reuse attacks while imposing modest performance penalties (~6%). In an upcoming paper, our group demonstrated a technique for bypassing CPI . I will explain how code reuse attacks work, how CPI was supposed to prevent them, and how we bypassed CPI . I will also outline some work that we are currently conducting that uses a simple hardware architectural extension to prevent against both code reuse and code injection attacks (and probably other types of attacks as well). This work grew out of an attempt to harvest some of the simpler ideas explored in DARPA ’s CRASH program (of which I was the program manager). I share some personal reflections on the CRASH program and what it produced. This talk is part of the Computer Laboratory Security Seminar series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsThe LMS Hardy Lecture High Energy Physics Seminars Armourers and Brasiers Cambridge Forum Dobson Group - General Interest Why Deep Neural Networks Are Promising for Speech Recognition Statistics Meets Public HealthOther talksTO A TRILLION AND BEYOND: THE FUTURE OF COMPUTING AND THE INTERNET OF THINGS - The IET Cambridge Prestige Lecture Machine learning, social learning and self-driving cars Barnum, Bache and Poe: the forging of science in the Antebellum US Changing understandings of the human fetus over five decades of legal abortion Coinage in the later medieval countryside: single-finds and the evidence from Rendlesham, Suffolk Electron Catalysis |