Mathias Payer - Purdue University
WarGames in Memory: Fighting Powerful Attackers
Sep 10, 2014
Abstract
Memory corruption (e.g., buffer overflows, random writes, memory
allocation bugs, or uncontrolled format strings) is one of the oldest
and most exploited problems in computer science. These problems are
here to stay as low-level languages like C or C++ continue to trade
safety for potential performance. A small set of all proposed
solutions (e.g., Address Space Layout Randomization, Data Execution
Prevention, and stack canaries) is applied in practice but real
exploits show that all currently deployed protections can be defeated.
The problems of current protection mechanisms call for novel
approaches towards software protection that fulfill the following
properties: low overhead for high security guarantees, no changes to
the original source code, and compatibility with existing libraries and
binaries (including a partial migration strategy).
We present a security policy that deterministically protects software
against control-flow hijack attacks. Our mechanism uses both a
user-space virtualization system (building on binary translation) to
support legacy code and a compiler-based framework to enforce the
integrity of all code pointers at runtime. Such a system controls the
execution of all code in user-space, extracts information from all
loaded components, and enforces a strong security policy for the
executed software with low overhead. We show possible pitfalls and
limitations and discuss future extensions and optimizations.
About the Speaker
Mathias Payer is a security researcher and an assistant professor in
computer science at Purdue University. His interests are related to
system security, binary exploitation, user-space software-based fault
isolation, binary translation/recompilation, and (application)
virtualization.
Before joining Purdue in 2014 he spent two years as a postdoc in Dawn
Song's BitBlaze group at UC Berkeley. He graduated from ETH with a Dr.
sc. ETH in 2012. The topic of his thesis is related to low-level
binary translation and security. After developing a fast binary
translation system (fastBT) he started to analyze different exploit
techniques and wondered how binary translation could be used to raise
the guard of current systems (with TRuE and libdetox as a prototype
implementation of the security framework).