Drinking from LETHE: New methods of exploiting and mitigating memory corruption vulnerabilities

Presented at DEF CON 23 (2015), Aug. 7, 2015, 6 p.m. (60 minutes).

Memory corruption vulnerabilities have plagued computer systems since we started programming software. Techniques for transforming memory corruption primitives into arbitrary code execution exploits have evolved significantly over the past two decades, from "smashing the stack for fun and profit" to the current apex of "just in time code reuse" while playing a cat and mouse game with similarly evolving defensive mitigations: from PaX/NX-bit to fine-grained ASLR and beyond. By contextualizing this battle between attack and defense, I will demonstrate new defense strategies based on augmenting fine-grained ASLR with memory disclosure mitigations to render existing exploitation techniques unreliable. Modifications to the Xen hypervisor exploiting hardware accelerated virtualization extensions on the modern Intel platform enable realizing these new defense strategies without imposing significant runtime CPU overhead.
Presenters:

  • Daniel Selifonov - Engineer, Skyport Systems Inc
    Daniel Selifonov is currently an engineer focused on information security, and in prior consultancies has built systems for information technology where security was considered throughout design and implementation, rather than as an afterthought. His research interests in security include reverse engineering, applied cryptography, client side security, and user acceptable information system design.
    Social media names/links:
      • GitHub: https://github.com/thyth/
      • Personal Website: http://thyth.com/
