Counterfeit Object-Oriented Programming
Offered By: IEEE via YouTube
Course Description
Overview
Explore a comprehensive analysis of code reuse attacks and defenses in C++ applications, focusing on the novel Counterfeit Object-oriented Programming (COOP) technique. Delve into the vulnerabilities of existing defense mechanisms against COOP, including CFI solutions and C++-specific protections. Examine the Turing-complete nature of COOP in real-world scenarios, with practical demonstrations using exploits for Internet Explorer and Firefox. Gain insights into the challenges of constructing COOP-resilient defenses without source code access, and understand the implications for future security measures against control flow hijacking attacks.
Syllabus
Intro
Introduction: Code-reuse attacks
Introduction: Defenses
Background: C++ object layouts
COOP Motivation
Control flow in COOP
The Main Loop (2)
Attacker-injected data
Adding values (ARITH-G)
Writing to memory W-G
Proof of concept exploits
Applicability
Properties of COOP
How to prevent COOP?
Defenses Review
Taught by
IEEE Symposium on Security and Privacy
Tags
Related Courses
Computer SecurityStanford University via Coursera Cryptography II
Stanford University via Coursera Malicious Software and its Underground Economy: Two Sides to Every Story
University of London International Programmes via Coursera Building an Information Risk Management Toolkit
University of Washington via Coursera Introduction to Cybersecurity
National Cybersecurity Institute at Excelsior College via Canvas Network