WarGames in Memory: Fighting Powerful Attackers
Mathias Payer - Purdue University
Sep 10, 2014
Abstract
Memory corruption (e.g., buffer overflows, random writes, memory
allocation bugs, or uncontrolled format strings) is one of the oldest
and most exploited problems in computer science. These problems are
here to stay as low-level languages like C or C++ continue to trade
safety for potential performance. A small set of all proposed
solutions (e.g., Address Space Layout Randomization, Data Execution
Prevention, and stack canaries) is applied in practice but real
exploits show that all currently deployed protections can be defeated.
The problems of current protection mechanisms call for novel
approaches towards software protection that fulfill the following
properties: low overhead for high security guarantees, no changes to
the original source code, and compatibility with existing libraries and
binaries (including a partial migration strategy).
We present a security policy that deterministically protects software
against control-flow hijack attacks. Our mechanism uses both a
user-space virtualization system (building on binary translation) to
support legacy code and a compiler-based framework to enforce the
integrity of all code pointers at runtime. Such a system controls the
execution of all code in user-space, extracts information from all
loaded components, and enforces a strong security policy for the
executed software with low overhead. We show possible pitfalls and
limitations and discuss future extensions and optimizations.
About the Speaker
Mathias Payer is a security researcher and an assistant professor in
computer science at Purdue University. His interests are related to
system security, binary exploitation, user-space software-based fault
isolation, binary translation/recompilation, and (application)
Before joining Purdue in 2014 he spent two years as a PostDoc in Dawn
Song's BitBlaze group at UC Berkeley. He graduated from ETH with a Dr.
sc. ETH in 2012. The topic of his thesis is related to low-level
binary translation and security. After developing a fast binary
translation system (fastBT) he started to analyze different exploit
techniques and wondered how binary translation could be used to raise
the guard of current systems (with TRuE and libdetox as a prototype
implementation of the security framework).