
Memory corruption vulnerabilities, runtime mitigations and their bypasses

Speech transcript
Hi, I'm Zoltán Németh from the University of Szeged, and in this talk I would like to present a short overview of memory corruption attacks and defenses. I'm a mathematician working as a lecturer at the University of Szeged who is interested in information security in general and especially in ethical hacking. I also feel responsible for security in general and especially for security education, I am a regular at the hackerspace, and according to its principle of learning by sharing I have just started to make and share some of it.

In this talk I'll first briefly discuss the root problem of low-level programming languages, then present a general model of memory corruption attacks taken from a recent survey article. After that I'll talk about some currently deployed protections, some advanced attacks and defenses for them, then mention some of the freshest proposals, and I'll close by drawing some conclusions. Basically the problem is very simple: low-level programming languages, say C and its variants C++ and Objective-C, are used extensively in operating system kernels, system drivers and embedded systems, just to name a few. This is the language of the professional programmer, and moreover we have millions of lines of legacy code. But the problem is the lack of type safety, and what's more, both bounds checking and dynamic memory management are solely the responsibility of the programmer, so C is memory-unsafe. Hence it is not surprising that it is error-prone, and indeed we can enumerate a long series of vulnerabilities, from the Morris worm to Heartbleed, or just think of the Pwn2Own contest: even the most hardened versions of operating systems and browsers are exploited every year.

Nevertheless C is still very popular, and here you can see the ranking of the most popular programming languages by IEEE. I added the columns on the right, which mean that the language is used for web applications, mobile applications, enterprise, desktop and scientific applications, and embedded systems, respectively.

So it is especially important to fight against memory corruption bugs, but it is difficult and a great challenge both for academia and industry. It has been studied for more than 3 decades and we have seen a huge number of proposals, I'll mention a few of them, but only a few mitigation techniques are deployed in practice today, and as we'll see these are insufficient, as the bypass attacks show. This situation naturally raises the question of why this is so. I like this figure very much: it reminds us that we should not forget about other aspects, namely usability and functionality. We must not sacrifice usability and functionality in favor of security; we must strike a balance among these sometimes conflicting aims. If we translate or adapt this to the area of runtime mitigation techniques, then security becomes robustness, that is, the type of attacks that can be prevented by the technique and how effectively the method does so. The aspect of ease of use changes to performance, and it is very important, as studies show that no mitigation technique with more than 5 to 10 percent runtime overhead can have widespread adoption in practice. And functionality should perhaps be replaced by compatibility, which can be either binary compatibility, meaning that the defended modules still work together with unmodified libraries, or, if that is not possible, at least source compatibility, meaning that no manual annotation of the source code is necessary. Besides that, modularity, that is the possibility to introduce the same defense for different modules independently from each other, is often an important issue as well. Now let me present a model of memory corruption attacks.

This is taken from an excellent survey article by Szekeres, Payer, Wei and Song. You can see that the goal of the attack may be code corruption, control-flow hijacking, a data-only attack or an information leak, and the steps of the attack are the following. In the first phase the attacker must make a pointer invalid by exploiting a memory corruption bug in the program: the pointer either goes out of bounds or becomes dangling. In the first case we have a spatial error and in the second case a temporal error, and in both cases the next step is to dereference the invalid pointer, which can be performed by a write, a free or a read operation. Spatial errors, that is out-of-bounds pointers, may be caused by a classic buffer overflow or underflow, by allocation failures generating null pointers (which might be exploited in kernel space), by indexing bugs (integer overflows, truncation and signedness bugs), and by incorrect pointer casting, also called type confusion. Among temporal errors, use-after-free bugs are the most common: a dangling pointer is one that is used after the memory area it points to has been deallocated, that is freed by the memory management system during the free instruction. But note that a pointer to a local variable can also become dangling if its value is assigned to a global variable and the subroutine returns, freeing the local variable from the stack. Double frees also belong here, because they corrupt memory. In the second step the attacker uses the invalid pointer to write, to free or to read. In the first case he can overwrite a return address on the stack, overwrite a function pointer of a vtable, or overwrite the size field of a heap object; by freeing he can overwrite the heap metadata or overwrite a function pointer of an object on the heap. But note that even just reading the value of a corrupted pointer can be used to leak data that is useful to the attacker, or the read of the corrupted pointer may be due to the execution of malicious code. Next, the goal of the memory corruption after the first two steps may be quite different. The attacker can either modify another data pointer and repeat phases one and two with this newly corrupted pointer, or he can modify the code to attacker-specified code, which is the code corruption attack. Or he can corrupt a code pointer, pointing it to the address of his injected shellcode or to the address of code snippets in memory modules, called gadgets, and then via an indirect call, jump or return instruction he has gained control of the control flow; this is the control-flow hijack type of attack. Please note that it is also possible to just modify data variables, and if it is a sensitive data variable then the attacker can execute a data-only attack. Finally, by corrupting an output variable, like the length field of a string, information can be leaked. So there are several possibilities.

Next let me discuss the currently deployed runtime protections. First we have stack cookies or stack canaries. These are random values placed between the local buffers and the return addresses on the stack, and they can be used to detect only contiguous attacks, that is buffer overflows, since during the buffer overflow the canary value is overwritten, which can be detected later when the function returns. Heap protections check the integrity of the heap structures, and SafeSEH and SEHOP validate the integrity of the exception handler pointers and the exception handler chain. The main problem with these techniques is that they are only partial solutions, that is they only provide some very specific type of control-flow integrity: stack cookies can be bypassed by direct overwrites, for instance using indexing bugs, and they can be defeated by memory leaks.

The next widely deployed mitigation technique is the write-xor-execute policy. Please remember that it has two equally important sides: the first is called non-executable stack (or data) or Data Execution Prevention, abbreviated DEP in Windows terminology, and the second might be called non-writable code or code integrity. Nowadays it is implemented by memory page protection in modern processors. Simply put, you must have write or read permission for data pages but never execute, and you must have execute or read permission for code pages but never write at the same time. As in many other areas of security, the clear separation of data and code is a crucial idea. As studies show it works well and it enjoys hardware support, so it has negligible overhead, but it only protects against code injection attacks and not against the more sophisticated code reuse attacks, like return-to-libc, return-oriented programming and jump-oriented programming. It also has some other issues, because the separation of data and code is not as easy as it first seems: you must handle the just-in-time compilation of script languages, valid for instance for the browser, which creates code from user-supplied input data that must be turned into executable code, and also self-modifying code. So it forces attackers to apply code reuse instead of code injection, and the main defense against code reuse attacks is based on randomization, especially address space layout randomization, abbreviated ASLR, which randomizes the base addresses of the stack, the heap, the main executable and the shared libraries. It works on the assumption that the addresses of the possible gadgets are hidden from the attacker. But it also has some issues: it requires position-independent code, which is said to have 10 percent runtime overhead, at least on 32-bit platforms, where by the way the entropy of the usual ASLR implementation is rather low and thus subject to brute-force attacks. Moreover partial overwrites and memory leaks can defeat ASLR as well, and similarly to DEP it is also an all-or-nothing defense, meaning that a single non-ASLR module can break the whole protection. Now let us look at some more advanced defense techniques.

As I mentioned earlier, standard ASLR only randomizes the base addresses of the code modules. Fine-grained randomization was proposed to increase the entropy of the location of the memory objects that are actually being targeted; the idea is that a single leaked pointer should not defeat the whole defense. Randomization can be applied at the following levels: within a module it can permute the functions, or just the basic blocks (code parts with a single entry and exit point), or it can apply instruction-level randomization. Of course this makes a lot of attacks infeasible, but it does not give more protection than standard ASLR against attacks that require just a single address, like return-to-libc; furthermore, repeated memory leak attacks are still possible, as we shall see.

Here you can see a whole new type of attack called just-in-time ROP, or JIT-ROP. The main assumption is that, besides the vulnerability used to hijack the control flow, the attacker also has a memory disclosure vulnerability, which allows him to read from arbitrary memory addresses in the process. As you probably know, a read from an unmapped address causes a segmentation fault and the application crashes, so the attacker needs a single valid memory address, but of course that is not hard to obtain, and the important observation is that it is also sufficient. The attacker takes the leaked address of a code object, say a function pointer, and using the above-mentioned memory leak he reads and disassembles the whole memory page that contains the function, here denoted by page 1. The disassembly certainly reveals direct call and jump instructions, for instance a call to function B, so the address of function B and the code page that contains it are learned. By repeating this process the attacker can obtain a significant amount of disassembled code pages, and finally a runtime gadget finder and a JIT compiler generate a ROP payload that works no matter what fine-grained ASLR is applied. Moreover, if we have a user scripting environment, as in browsers or document viewers, the whole process can be automated, so a memory leak plus a bit of ROP at runtime can defeat even the strictest fine-grained ASLR implementation.

Since ASLR is insufficient, the control-flow integrity approach has gained considerable interest recently. The main idea is to detect control-flow hijacking attacks by restricting the control transfers to the valid, benign control flow of the application. This can be done by first computing the so-called control-flow graph of the application and then monitoring the executable's runtime behavior according to this graph: any deviation from the static control-flow graph, a jump to an unusual address, indicates a control-flow hijack, so it can be stopped. The approach has the drawback that the precise version, in which all indirect control-flow transfers are checked (all indirect calls, all indirect jumps and all returns, which may only return to the original caller), introduces a rather high overhead, up to 21 percent, and therefore in practice usually some weaker version is used instead: the so-called coarse-grained control-flow integrity policies are implemented, but these can be defeated by advanced attacks. The CFI policy depends on the type of indirect branches that are checked; usually some behavior-based heuristics are also used, for example frequent returns to small code snippets indicate ROP, and the time of the check can vary as well. A recent paper demonstrated the weakness of the coarse-grained control-flow integrity approach: it took representative implementations of these defenses, namely CFI for COTS binaries, CCFIR, kBouncer, ROPecker, ROPGuard and Microsoft EMET, derived the combined CFI policy from these programs, and showed that even this strictest combination can be bypassed using two new types of gadgets, the so-called call-preceded gadget and the long-NOP gadget.

As a concrete example let us look at Microsoft EMET. EMET stands for Enhanced Mitigation Experience Toolkit, and it is a free mitigation tool that can be downloaded from Microsoft. The main goal of the project is to add modern protections to earlier versions of Windows. It is highly modular and it has no less than 14 different mitigation options that can be turned on and off on an application basis, which solves many incompatibility problems. But like most practical tools to date it is not proven to be secure, and even Microsoft warns us that it can be bypassed. The first main problem is that it is a user-space protection, so the attacker was able to disable the defense of the application completely, several times, and the mitigations can be circumvented one by one just as you would do otherwise.

So for a demonstration, let's look at this utility. TestDisk is a very nice tool from CGSecurity; it is basically a small utility that can be used to recover lost partitions in the partition table, and it saved my life at least once when I installed Windows over my system. The main point is that this utility also accepts an image file as input, and last May I found a buffer overflow, a simple buffer overflow vulnerability, in this application. What I did was that I first wrote an exploit for the vulnerability, which was easy, then I used EMET to turn on the mitigation techniques one by one and checked the ability to bypass them. I don't have time to go into the details, but I am willing to show you the whole code and how the exploit works after the talk. The script is used just to generate the image file that contains the exploit, and if I use it as input then... just one moment... I would like to show you that EMET is in effect. So this is the graphical user interface of the tool; you can see that all mitigations are turned on, and here is the TestDisk utility, and as I mentioned EMET is application-based, so I can turn the mitigations on and off on an application basis. If I open the image, then nothing happens, but the calculator... just believe me, it has appeared there; it works on my primary machine, so I'd rather show you that it works after the talk. In general this demonstrates that even such a runtime mitigation tool can be bypassed. I can refer you to the online presentation. Sorry, I must restart. Yes, so, here it is.

The latest CFI protection solution of Microsoft is called Control Flow Guard, CFG. It was introduced in the preview version of Windows 8.1 but was missing from the final edition; it reappeared in Windows 8.1 Update 3 and it can also be found in Windows 10. But it is also a partial and coarse-grained implementation of control-flow integrity: namely, for performance reasons, it only injects checks before forward indirect calls, while returns are left unprotected. Still, it is effective against vtable hijacking, but it requires compiler and linker support, so its use is optional, and even old versions of many binaries remain unprotected. And note that a universal bypass of CFG was demonstrated recently.

Now let me mention some of the freshest proposals that have arisen from academic research; as far as I know these exist only as prototypes. First, the concept of code pointer integrity, CPI, is an alternative to control-flow integrity and code randomization that guarantees the integrity of all code pointers; it was formally proven to be correct. This is done by separating the sensitive control data, like return addresses and indirect jump targets, in a safe protected region; you know that separation by isolation is one of the basic principles of security. It also has a relaxed version called code pointer separation, CPS, with an even smaller overhead. The main idea of Readactor is to implement an execute-but-not-read policy in order to do code hiding against the pointer harvesting phase of JIT-ROP; it needs hardware support for execute-only memory, which it gets from the extended page tables of the processor's virtualization extensions. Isomeron is a very interesting proposal that follows a totally different strategy: instead of preventing memory disclosures it tolerates them. To achieve this goal it randomizes the control-flow transfers, therefore there is no need to hide the code, but you need two isomers, two copies, of the functions in memory. Of course the memory requirement is doubled, but memory space is far less an issue than time overhead. It works as follows: at each call and return instruction it randomly decides whether to switch to the other copy or keep the execution in the current one, and this nondeterministic behavior makes code reuse attacks impossible. Experiments show that it has an acceptable runtime overhead and it can be integrated into a compiler. The last one is called HAFIX; it is a hardware-assisted control-flow integrity solution that is significantly more efficient than existing software solutions. It uses a shadow stack to enforce the intended control flow more precisely than the coarse-grained CFI deployed today: for instance it enforces that returns target not just any call-preceded instruction but only those in functions that are currently being executed, and this is done by three new processor instructions.

As a conclusion we may say that the problem of insecure C code is far from being solved. It should be obvious that there is no silver bullet, and securing the large amount of legacy code in use is really demanding. It also seems that the academic world looks for a perfect solution and does not care much about the realization of the mitigation proposals, while the business sector invests in fast mitigations against current mainstream exploits and is less conscious of all possible bypasses. Of course inefficient and incompatible solutions are useless in practice, but even a small trade-off for efficiency can totally destroy the defense, as we have seen in the case of coarse-grained control-flow integrity. It is also clear that there is an arms race between attacks and defenses, since known attacks can be mitigated and known defenses can be bypassed. The solution can be at different levels: so far we have mainly discussed software-based techniques, as hardware-based solutions usually need considerable time to spread, but many software approaches have the performance overhead as their main bottleneck, and hardware support can bring relief to this problem. Lastly, even though it seems unrealistic now, perhaps one day we will move to type-safe languages instead of C. And as we have seen, runtime mitigations are far from perfect, so the other defenses, like secure coding, security testing and sandboxing, should not be neglected. OK, that's all I wanted to say. Thank you for your attention.
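The stack-cookie point made in the talk (a canary between the local buffer and the return address catches a contiguous overflow, but an indexing bug that writes straight over the return address slips past it, and a bounded copy avoids both) as an added example, not code from the talk or from any tool it names. The stack frame is modelled as a struct so every write stays inside an object the program owns and nothing touches the real call stack; the canary constant, the return address and the payload bytes are constructed values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16
#define CANARY_VALUE 0x5A3C9E1FU   /* constructed; a real canary is random per process */
#define SAVED_RET    0x401000UL    /* constructed return address */

/* Layout mirrors what a stack-protector compiler emits:
 * local buffer, then the canary, then the saved return address. */
struct frame {
    char      buf[BUF_SIZE];
    uint32_t  canary;
    uintptr_t ret_addr;
};

static void init_frame(struct frame *f) {
    memset(f->buf, 0, sizeof f->buf);
    f->canary = CANARY_VALUE;
    f->ret_addr = SAVED_RET;
}

/* Contiguous copy of len bytes starting at buf[0], the way an unchecked
 * strcpy/memcpy behaves. Clamped to the struct so the simulation itself
 * never writes outside the frame object. */
static void unchecked_copy(struct frame *f, const unsigned char *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;
    memcpy((unsigned char *)f, src, len);
}

/* An indexed write buf[i] = v with no bounds check (clamped as above). */
static void indexed_write(struct frame *f, size_t i, unsigned char v) {
    if (i >= sizeof *f) return;
    ((unsigned char *)f)[i] = v;
}

/* What the function epilogue does: compare the canary before trusting
 * ret_addr. Returns 1 if intact, 0 if the canary was clobbered. */
static int canary_ok(const struct frame *f) {
    return f->canary == CANARY_VALUE;
}

/* Scenario 1: a contiguous overflow long enough to reach the return address
 * necessarily passes through the canary, so the check detects it. */
int contiguous_overflow_detected(void) {
    struct frame f;
    unsigned char payload[sizeof f];
    init_frame(&f);
    memset(payload, 'A', sizeof payload);           /* constructed input */
    unchecked_copy(&f, payload, sizeof payload);
    return !canary_ok(&f);                          /* 1: overwrite detected */
}

/* Scenario 2: an indexing bug that writes directly at the return address
 * skips the canary, which still matches, so the cookie does not notice. */
int indexed_write_bypasses_canary(void) {
    struct frame f;
    size_t off = offsetof(struct frame, ret_addr);
    init_frame(&f);
    for (size_t i = 0; i < sizeof f.ret_addr; i++)
        indexed_write(&f, off + i, 0xCC);            /* constructed filler byte */
    return canary_ok(&f) && f.ret_addr != SAVED_RET; /* 1: corrupted, undetected */
}

/* The hardened copy: the destination capacity is checked before copying,
 * and an oversized input is rejected rather than silently truncated. */
static int bounded_copy(struct frame *f, const unsigned char *src, size_t len) {
    if (len > sizeof f->buf) return 0;
    memcpy(f->buf, src, len);
    return 1;
}

/* Scenario 3: with the bounds check the frame stays intact. */
int bounded_copy_rejects_oversize(void) {
    struct frame f;
    unsigned char payload[sizeof f];
    init_frame(&f);
    memset(payload, 'A', sizeof payload);
    int accepted = bounded_copy(&f, payload, sizeof payload);
    return !accepted && canary_ok(&f) && f.ret_addr == SAVED_RET;
}

int main(void) {
    printf("contiguous overflow detected by canary : %d\n", contiguous_overflow_detected());
    printf("indexed write bypasses canary          : %d\n", indexed_write_bypasses_canary());
    printf("bounded copy rejects oversize input    : %d\n", bounded_copy_rejects_oversize());
    return 0;
}
```

All three checks return 1 on a conforming compiler, regardless of pointer width, because the struct layout (buffer, then canary, then return slot) is what the scenarios depend on, not the real frame of `main`.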
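The difference between the coarse-grained return policy the talk says the surveyed tools rely on (a return is fine if its target is preceded by some call instruction) and a precise shadow-stack check, as an added example that is not code from the talk or from any of the tools it names. The "program" is a constructed table of six instructions, and the function names, addresses and the bit-coded verdict are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed program: only what the two policies need is modelled. */
typedef struct { uint32_t addr; int is_call; uint32_t target; int len; } insn_t;

static const insn_t PROGRAM[] = {
    {0x1000, 1, 0x2000, 5},   /* main:  call f                         */
    {0x1005, 0, 0,      3},   /*        the legitimate return site     */
    {0x1100, 1, 0x2100, 5},   /* other: call g                         */
    {0x1105, 0, 0,      3},   /*        a second call-preceded address */
    {0x2000, 0, 0,      1},   /* f:     ret                            */
    {0x2100, 0, 0,      1},   /* g:     ret                            */
};
#define N_INSNS (sizeof PROGRAM / sizeof PROGRAM[0])
#define MAX_DEPTH 16

/* Coarse-grained policy: accept a return if the target directly follows
 * any call instruction in the program. */
int call_preceded_ok(uint32_t ret_target) {
    for (size_t i = 0; i < N_INSNS; i++)
        if (PROGRAM[i].is_call &&
            PROGRAM[i].addr + (uint32_t)PROGRAM[i].len == ret_target)
            return 1;
    return 0;
}

/* Precise policy: a shadow stack records the real return address at each
 * call, and a return must match the top entry exactly. */
typedef struct { uint32_t entries[MAX_DEPTH]; int top; } shadow_stack_t;

static void shadow_push(shadow_stack_t *s, uint32_t ret) {
    if (s->top < MAX_DEPTH) s->entries[s->top++] = ret;
}

int shadow_stack_ok(shadow_stack_t *s, uint32_t ret_target) {
    if (s->top == 0) return 0;                 /* return with no matching call */
    return s->entries[--s->top] == ret_target;
}

/* Simulated execution: main calls f, then f returns to ret_target, which
 * may have been corrupted on the stack. Verdict bits:
 *   bit 0 = call-preceded policy accepts, bit 1 = shadow stack accepts. */
int check_return(uint32_t ret_target) {
    shadow_stack_t ss = { .top = 0 };
    shadow_push(&ss, 0x1005);                  /* the call at 0x1000 pushes 0x1005 */
    int verdict = 0;
    if (call_preceded_ok(ret_target)) verdict |= 1;
    if (shadow_stack_ok(&ss, ret_target)) verdict |= 2;
    return verdict;
}

int main(void) {
    /* Legitimate return, a return to the other call site, and a return
     * into the middle of a function. */
    const uint32_t targets[] = { 0x1005, 0x1105, 0x2100 };
    for (size_t i = 0; i < 3; i++) {
        int v = check_return(targets[i]);
        printf("ret -> 0x%04x : call-preceded %s, shadow stack %s\n",
               targets[i], (v & 1) ? "accept" : "reject",
               (v & 2) ? "accept" : "reject");
    }
    return 0;
}
```

The middle case is the one that matters for the talk's argument: 0x1105 is a perfectly call-preceded address, so the coarse-grained check lets the return through, while the shadow stack rejects it because the only outstanding call expects 0x1005. Extending the shadow stack with an "is this function currently active" test, as the talk describes for the hardware-assisted proposal, is a further narrowing of the same idea.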

Metadata

Formal metadata

Title Memory corruption vulnerabilities, runtime mitigations and their bypasses
Series title Hacktivity 2015
Part 11
Number of parts 29
Author Németh, Zoltán L.
License CC Attribution 3.0 Germany:
You may use, modify, reproduce, distribute and make publicly available the work or its content, in unmodified or modified form, for any legal purpose, provided that you credit the author/rights holder in the manner specified by them.
DOI 10.5446/18855
Publisher Hacktivity
Year of publication 2015
Language English

Content metadata

Subject area Computer science
Abstract Memory corruption vulnerabilities are ubiquitous and unavoidable issues of our complex applications. There are many exploitation and exploit mitigation techniques for them, as well as bypass methods for the deployed or proposed defenses. For instance, in addition to the nowadays classic defenses of Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), there are more recent proposals like Control Flow Integrity (CFI) and fine-grained ASLR, even if these solutions are not frequently used in practice today, mainly for performance and compatibility reasons. The aim of this talk is to provide an overview of the main achievements of the state-of-the-art academic research in this field, and also to demonstrate and discuss some concrete uses of evasion techniques for bypassing runtime mitigations, like the Enhanced Mitigation Experience Toolkit (EMET) of Microsoft.
