[HGI-News-de] HGI-Kolloquium am 05.02.2015: "The Difficulty of Preventing Code Reuse Attacks"
Newsletter des Horst Görtz Instituts
hgi-news-deutschland at lists.ruhr-uni-bochum.de
Mo Feb 2 09:54:57 CET 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Sehr geehrte Damen und Herren,
im Rahmen des HGI-Kolloquiums, organisiert vom Lehrstuhl für Netz- und
Datensicherheit und dem Horst-Görtz-Institut der Ruhr-Universität
Bochum, wird Felix Schuster von der Ruhr-Universität Bochum am
Donnerstag, 05.02.2015 um 12 Uhr s.t.
in Raum ID 03/411 über folgendes Thema referieren:
"In this talk, I will give a brief introduction to code reuse
attacks - e.g., return-oriented programming - and give an
overview on recent developments in defenses; including
academic proposal as well as actually deployed ones such as
EMET and CFG.
I will present my own work on two advanced attack techniques
dubbed "Branch History Flushing" (RAID 2014) and "Counterfeit
Object-oriented Programming" (short COOP; in submission). COOP
abuses common artifacts in binary C++ code and breaks with
long-held assumptions on the nature of code reuse attacks.
Consequently, it bypasses a wide range of existing defenses
including the recently proposed "Code-Pointer Separation"
(practical "Code-Pointer Integrity"; OSDI 2014) and Windows 10's
CFG. I will discuss in particular why currently no strong
defense against COOP exists that does not require access to a
software's source code and why designing a strong binary-only
defense will be challenging.
The main takeaway should be that many of today's defenses are
built on improper assumptions and that even supposedly small
"wiggle room" for an attacker can still lead to full system
compromise."
Zu diesem und sämtlichen weiteren Vorträgen des HGI-Kolloquiums sind
alle Studenten und Interessierten herzlich eingeladen!
Eine Voranmeldung ist nicht erforderlich!
Weitere Informationen gibt es auf folgender Webseite:
http://hgi.rub.de/hgi/Aktuelles/hgi-seminar/
Mit freundlichen Grüßen,
Christoph Bader
- --
Dipl.-Math. Christoph Bader
Horst Görtz Institute for IT-Security
Chair for Network and Data Security
Ruhr-University Bochum, Germany
Universitätsstr. 150, ID 2/461
D-44801 Bochum, Germany
http:// www.nds.rub.de
Telefon: +49 (0) 234 / 32-25030
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJUzzthAAoJEO79b5R6Hnz54xUIAKAm8fLxIdrEPUBeKLSeMnPU
7IqZLyGSUXighDRvXn41Y453SEclzBfFX4ebukT45RhECvluJi5H1XG53yJh0yVo
KOwfiDrByYGqL0lcN4B+RMG9z/IKWEIlw4Ocdky8LX/l7hgARyNaHu+yIU32CKWd
ssBEgzia8DiOB6c8hx0pCsV+GEraLPu2Ej0S5IENTU8v5u7p7oNtdqCNZMpm355I
+bGLae6d9Sfqe1GLAzqfuTWRGCrIub6XKy5VqLPOUkDAa32pb4CCwhQXlp9G8OLT
mGwv3NcRnjyIS9eF80B3J4QqkV6lK3T0ao4o06BgqnrwjZFXY4iMyrSH6ZyqwJ4=
=tA/U
-----END PGP SIGNATURE-----
Mehr Informationen über die Mailingliste Hgi-News-Deutschland