RuhrSec 2016: "Code-Reuse Attacks and Beyond", Thorsten Holz
Add to List Share
Abstract. Code-reuse attacks have become a prevalent technique to exploit memory corruption vulnerabilities in software programs. The focus of most attacks is on modifying code pointer and a variety of corresponding defenses has been proposed, of which many have already been successfully bypassed â and the arms race continues. In this talk, we provide an overview of some recent work we performed at Ruhr-University Bochum towards code-reuse attacks with and without modifying code pointers. On the one hand, we present some recent results on a technique called counterfeit object-oriented programming (COOP). We demonstrate that many existing defenses that do not consider object-oriented C++ or Objective-C semantics precisely can be generically bypassed in practice. On the other hand, we focus on non-control data attacks. We demonstrate some potential attacks and focus on data-only attacks that can bypass many of the existing defenses. We conclude the talk with an overview of potential other targets of code-reuse attacks and an outlook of future challenges.
Biography. Thorsten Holz is a professor in the Faculty of Electrical Engineering and Information Technology at Ruhr-University Bochum, Germany. His research interests include systems oriented aspects of secure systems, with a specific focus on applied computer security. Currently, his work concentrates on automated analysis of malicious software, reverse engineering, and studying latest attack vectors. He received the Dipl.-Inform. degree in Computer Science from RWTH Aachen, Germany (2005), and the Ph.D. degree from University of Mannheim (2009). Prior to joining Ruhr-University Bochum in April 2010, he was a postdoctoral researcher in the Automation Systems Group at the Technical University of Vienna, Austria.
Led Digital Marketing Efforts of Top 500 e-Retailers.
Worked with Top Brands at Leading Agencies.
Successfully Managed Over $50 million in Digital Ad Spend.
Developed Strategies and Processes that Enabled Brands to Grow During an Economic Downturn.
Taught Advanced Internet Marketing Strategies at the graduate level.
Your Cart 0
Manage research, learning and skills at defaultLogic. Create an account using LinkedIn or facebook to manage and organize your IT knowledge. defaultLogic works like a shopping cart for information -- helping you to save, discuss and share.