Full day Tutorial
Title
The Beast in Your Memory: Modern Exploitation Techniques and Defenses
Presenters
Lucas Davi and Ahmad-Reza Sadeghi, Technische Universität Darmstadt
and Intel Collaborative Research Institute for Secure Computing (ICRI-SC)
Abstract
Memory corruption attacks belong to the most-widely deployed attacks since
almost three decades. These attacks have been already applied in the first
famous Internet worm (the Morris worm in 1988). Today, they are used to
compromise web browsers, launch iOS jailbreaks, and partially in zero day
issues exploited in large-scale cyberattacks such as Stuxnet and Duqu. In
particular, code-reuse techniques such as return-oriented programming
undermine the security model of non-executable memory (the No-Execute
Bit) and memory randomization. Defending against these attacks is a hot
topic of research. In this tutorial, the attendees will be introduced to the
state-of-the-art memory exploitation techniques and defenses. We give an
overview of the main principles of memory exploitation covering stack
smashing, return-into-libc, and return-oriented programming. We also
elaborate on modern defenses such as control-flow integrity and memory
randomization. In a hands-on lab, the attendees will construct proof-ofconcept
exploits targeting mobile platforms (based on ARM).
| |
Upcoming Conference
Important Dates
Abstract Submission
March 23, 2015 (11:59 pm GMT-12) Full Paper Submission
March 30, 2015 (11:59 pm GMT-12)
(Firm deadline) Notification of Paper Acceptance
June 08, 2015 Camera-ready version
July 13, 2015 Conference
Oct. 04-09, 2015
Conferences
Symposia
Workshops
Previous Conferences
|
|
