Vorträge
On Securing Legacy Software Against Code-Reuse Attacks - Invited Talk
- Autor(en):
- Davi, Lucas
- Name der Veranstaltung:
- RuhrSec
- Ort:
- Bochum, Germany
- Datum:
- 29.04.2016
Abstract
Code-Reuse attacks such as return-oriented programming constitute a powerful exploitation technique that is frequently leveraged to compromise software on a wide range of architectures. These attacks generate malicious computation based on existing code (so-called gadgets) residing in linked libraries. Both academia and industry have recently proposed defense techniques to mitigate code-reuse attacks. However, a continuous arms race has evolved between attacks and defenses. In this talk, we will elaborate on the evolution of code-reuse attacks. In particular, we explore prominent defense techniques that are based on control-flow integrity (CFI) enforcement and code randomization. Further, we discuss promising research directions such as hardware-assisted defenses and protection against these attacks at the kernel layer.