Title:
Space Wars: Exploiting Program (in)Variants for Software Security
Space Wars: Exploiting Program (in)Variants for Software Security
dc.contributor.advisor | 56:06 minutes | |
dc.contributor.author | Hu, Hong | |
dc.contributor.corporatename | Georgia Institute of Technology. Institute for Information Security & Privacy | en_US |
dc.contributor.corporatename | Georgia Institute of Technology. College of Computing | en_US |
dc.date.accessioned | 2020-02-10T19:05:17Z | |
dc.date.available | 2020-02-10T19:05:17Z | |
dc.date.issued | 2020-01-31 | |
dc.description | Presented on January 31, 2020 at 12:00 p.m. in the Krone Engineered Biosystems Building, room 1005. | en_US |
dc.description | Dr. Hong Hu is a Research Scientist of computer science at the Georgia Institute of Technology. His main research area is system and software security, focusing on exploring new attack vectors of memory errors and developing effective defense mechanisms. | en_US |
dc.description | Runtime: 56:06 minutes | en_US |
dc.description.abstract | The ever-increasing code base of modern software inevitably introduces vulnerabilities which enable attackers to construct sophisticated exploits and compromise our computer systems. Control-flow hijacking is the state-of-the-art exploit method, where attackers aim to take over the execution of the vulnerable program. Accordingly, defenders strive to protect the control-flow integrity to mitigate attacks. As these protections gradually get deployed, it is getting harder for attackers to hijack the control-flow and they may switch to other exploit methods to achieve malicious goals. It is urgent for defenders to understand the remaining attack vectors and develop defenses in advance. In this talk, I will present two works that explore the program data space to provide comprehensive protections as well as detect new and potentially devastating attacks. First, I will demonstrate that program data space provides necessary auxiliary information for achieving complete protection against control-flow attacks. Specifically, only with extra context information, we can get the unique code target for indirect calls and jumps. Second, I will demonstrate that data-oriented attacks, which conform to all control-flow protections, are practical, expressive and can be generated automatically. Attackers can systematically search in the program data space to construct arbitrary, even Turing-complete computations in real-world programs, like browsers. In the end, I will talk about my plan on extending data-oriented attacks to other platforms and languages, and the potential directions to prevent this new type of attacks. | en_US |
dc.format.extent | 56:06 minutes | |
dc.identifier.uri | http://hdl.handle.net/1853/62444 | |
dc.language.iso | en_US | en_US |
dc.publisher | Georgia Institute of Technology | en_US |
dc.relation.ispartofseries | Cybersecurity Lecture Series | |
dc.subject | Control-flow hijacking | en_US |
dc.subject | Date-oriented attacks | en_US |
dc.subject | Exploit | en_US |
dc.title | Space Wars: Exploiting Program (in)Variants for Software Security | en_US |
dc.type | Moving Image | |
dc.type.genre | Lecture | |
dspace.entity.type | Publication | |
local.contributor.corporatename | School of Cybersecurity and Privacy | |
local.contributor.corporatename | College of Computing | |
local.relation.ispartofseries | Institute for Information Security & Privacy Cybersecurity Lecture Series | |
relation.isOrgUnitOfPublication | f6d1765b-8d68-42f4-97a7-fe5e2e2aefdf | |
relation.isOrgUnitOfPublication | c8892b3c-8db6-4b7b-a33a-1b67f7db2021 | |
relation.isSeriesOfPublication | 2b4a3c7a-f972-4a82-aeaa-818747ae18a7 |
Files
Original bundle
1 - 4 of 4
No Thumbnail Available
- Name:
- hhu.mp4
- Size:
- 450.19 MB
- Format:
- MP4 Video file
- Description:
- Download video
No Thumbnail Available
- Name:
- hhu_videostream.html
- Size:
- 1.32 KB
- Format:
- Hypertext Markup Language
- Description:
- Streaming video
No Thumbnail Available
- Name:
- transcript.txt
- Size:
- 43.26 KB
- Format:
- Plain Text
- Description:
- Transcription
- Name:
- thumbnail.jpg
- Size:
- 51.47 KB
- Format:
- Joint Photographic Experts Group/JPEG File Interchange Format (JFIF)
- Description:
- Thumbnail
License bundle
1 - 1 of 1
No Thumbnail Available
- Name:
- license.txt
- Size:
- 3.13 KB
- Format:
- Item-specific license agreed upon to submission
- Description: