C3Subtitles: 30C3: WarGames in memory

WarGames in memory

what is the winning move?


Video duration: 00:56:02
Language: English
Abstract
Memory corruption has been around forever but is still one of the most exploited problems on current systems. This talk looks at the past 30 years of memory corruption and systematizes the existing exploit and defense techniques in a streamlined way. We evaluate (i) how the different attacks evolved, (ii) how researchers came up with defense mechanisms in answer to new threats, and (iii) what we will have to expect in the future.

Memory corruption (e.g., buffer overflows, random writes, memory allocation bugs, or uncontrolled format strings) is one of the oldest and most exploited problems in computer science. These problems are here to stay as low-level languages like C or C++ continue to trade safety for potential performance. Only a small subset of the proposed solutions (e.g., Address Space Layout Randomization, Data Execution Prevention, and stack canaries) is applied in practice, and real exploits show that all currently deployed protections can be defeated.

In this talk we systematize the existing knowledge about (i) attack vectors and specific techniques to exploit running software and (ii) defense mechanisms that protect against those attack vectors. Many of these techniques have been developed hand in hand. We take a methodological approach and cover the complete design space of control-flow-based and data-flow-based attacks on low-level languages.

The problems of current protection mechanisms call for novel approaches to software protection that adhere to the three laws of software defenses: low overhead for high security guarantees, no changes to the original source code, and compatibility with existing libraries and binaries (including a partial migration strategy).

Talk ID: 5223
Event: 30C3
Day: 3
Room: Saal 6
Start: 8:30 p.m.
Duration: 01:00:00
Track: Security & Safety
Type: lecture
Speaker: gannimo