gannimo, npc@berkeley.edu: New memory corruption attacks: why can't we have nice things?

Title:
gannimo, npc@berkeley.edu: New memory corruption attacks: why can't we have nice things?
Description:

Memory corruption is an ongoing problem and in past years we have both developed a set of defense mechanisms and novel attacks against those defense mechanisms. Novel defense mechanisms like Control-Flow Integrity (CFI) and Code-Pointer Integrity (CPI) promise to stop control-flow hijack attacks. We show that, while they make attacks harder, attacks often remain possible. Introducing novel attack mechanisms, like Control-Flow Bending (CFB), we discuss limitations of the current approaches. CFB is a generalization of data-only attacks that allows an attacker to execute code even if a defense mechanism significantly constrains execution.

gannimo, npc@berkeley.edu

more » « less
Video Language:
English
Duration:
54:32
http://www.youtube.com/watch?v=n_tpc7bvPXU
Format: Youtube
Primary
Original
Added   by C3Subtitles
Format: Youtube
Primary
Original
http://www.youtube.com/watch?v=Ftp-vVA_YdA
Format: Youtube
Added   by C3Subtitles
Format: Youtube
This video is part of Amara Public.

Subtitles download

Incomplete subtitles (1)