|![[Search]](https://talks.cam.ac.uk/images/search.gif?1209136071)
|![[A-Z Index]](https://talks.cam.ac.uk/images/az.gif?1209136071)
|![[Contact]](https://talks.cam.ac.uk/images/contact.gif?1209136071)
||![[University of Cambridge]](https://talks.cam.ac.uk/images/identifier2.gif?1209136071){kind=small} |
COOKIES: By using this website you agree that we can place Google Analytics Cookies on your device for performance monitoring. | ![[Talks.cam]](https://talks.cam.ac.uk/images/talkslogosmall.gif?1209136071) |
University of Cambridge > Talks.cam > Microsoft Research Cambridge, public talks > The Difficulty of Preventing Code Reuse Attacks
The Difficulty of Preventing Code Reuse AttacksAdd to your list(s) Download to your calendar using vCal
If you have a question about this talk, please contact Microsoft Research Cambridge Talks Admins. This event may be recorded and made available internally or externally via http://research.microsoft.com. Microsoft will own the copyright of any recordings made. If you do not wish to have your image/voice recorded please consider this before attending In this talk, I will give a brief introduction to code reuse attacks – e.g., return-oriented programming – and give an overview on recent developments in defenses; including academic proposal as well as actually deployed ones such as EMET and CFG . I will present my own work on two advanced attack techniques dubbed “Branch History Flushing” (RAID 2014) and “Counterfeit Object-oriented Programming” (short COOP ; in submission). COOP abuses common artifacts in binary C++ code and breaks with long-held assumptions on the nature of code reuse attacks. Consequently, it bypasses a wide range of existing defenses including the recently proposed “Code-Pointer Separation” (practical “Code-Pointer Integrity”; OSDI 2014 ) and Windows 10’s CFG . I will discuss in particular why currently no strong defense against COOP exists that does not require access to a software’s source code and why designing a strong binary-only defense will be challenging. The main takeaway should be that many of today’s defenses are built on improper assumptions and that even supposedly small “wiggle room” for an attacker can still lead to full system compromise. This talk is part of the Microsoft Research Cambridge, public talks series. This talk is included in these lists:
Note that ex-directory lists are not shown. |
Other listsCambridge Graphene Centre talks Kettle's Yard Lunchtime Talks Mental Health Week 2013 epigenetic club BRC Seminar SeriesOther talksPart IIB Poster Presentations Building cortical networks: from molecules to function Self-Assembled Nanomaterials for 3D Bioprinting and Drug Delivery Applications Cellular recycling: role of autophagy in aging and disease Simulating wave propagation in elastic systems using the Finite-Difference-Time-Domain method Develop a tool for inferring symptoms from prescriptions histories for cancer patients |
Felix Schuster, University of Bochum
Monday 16 February 2015, 09:00-10:00