The Center for Education and Research in Information Assurance and Security (CERIAS)

Mathias Payer - Purdue University

WarGames in Memory: Fighting Powerful Attackers

Sep 10, 2014

Abstract

Memory corruption (e.g., buffer overflows, random writes, memory
allocation bugs, or uncontrolled format strings) is one of the oldest
and most exploited problems in computer science. These problems are
here to stay as low-level languages like C or C++ continue to trade
safety for potential performance. A small set of all proposed
solutions (e.g., Address Space Layout Randomization, Data Execution
Prevention, and stack canaries) is applied in practice but real
exploits show that all currently deployed protections can be defeated.
The problems of current protection mechanisms call for novel
approaches towards software protection that fulfill the following
properties: low overhead for high security guarantees, no changes to
the original source code, and compatibility with existing libraries and
binaries (including a partial migration strategy).

We present a security policy that deterministically protects software
against control-flow hijack attacks. Our mechanism uses both a
user-space virtualization system (building on binary translation) to
support legacy code and a compiler-based framework to enforce the
integrity of all code pointers at runtime. Such a system controls the
execution of all code in user-space, extracts information from all
loaded components, and enforces a strong security policy for the
executed software with low overhead. We show possible pitfalls and
limitations and discuss future extensions and optimizations.

About the Speaker

Mathias Payer is a security researcher and an assistant professor in
computer science at Purdue University. His interests are related to
system security, binary exploitation, user-space software-based fault
isolation, binary translation/recompilation, and (application)
virtualization.

Before joining Purdue in 2014, he spent two years as a postdoc in Dawn
Song's BitBlaze group at UC Berkeley. He graduated from ETH with a Dr.
sc. ETH in 2012. The topic of his thesis is related to low-level
binary translation and security. After developing a fast binary
translation system (fastBT) he started to analyze different exploit
techniques and wondered how binary translation could be used to raise
the guard of current systems (with TRuE and libdetox as a prototype
implementation of the security framework).

