YoVDO

Enforcing Unique Code Target Property for Control-Flow Integrity

Offered By: Association for Computing Machinery (ACM) via YouTube

Tags

Control-Flow Integrity Courses Cybersecurity Courses Software Security Courses

Course Description

Overview

Explore a comprehensive analysis of control-flow integrity (CFI) and its implementation challenges in this 24-minute conference talk. Delve into the concept of unique code target property and its potential to enhance CFI effectiveness. Examine the limitations of existing CFI approaches and understand why they fall short in preventing control-hijacking attacks. Learn about the innovative UCFI (Unique Code Target Property for Control-Flow Integrity) method, its implementation, security benefits, and efficiency considerations. Investigate the use of Intel PT for efficient analysis and path reconstruction. Discuss backward-edge CFI and compare UCFI with other techniques like CPI. Gain valuable insights into advancing cybersecurity measures against sophisticated control-flow attacks.

Syllabus

Intro
Control-flow attack is getting harder
Control-flow attack is still possible
Example: control-flow attack
Example: control-flow integrity
Unique code target property
Challenges with Intel PT
Which data is necessary?
UCFI - perform efficient analysis path reconstruction from PT trace is slow!
Implementation
Security - enforcing unique target
Security - preventing attacks
Efficiency - performance overhead
Efficiency - memory&code overhead
Efficiency - trace size reduction
Discussion - backward-edge CFI
Conclusion: UCFI
Discussion - difference from CPI


Taught by

Association for Computing Machinery (ACM)

Related Courses

Current Status of RISC-V Security Mechanisms - Nick Kossifidis, FORTH
TheIACR via YouTube
Two-Faces of WASM Security
Security BSides San Francisco via YouTube
Taking Kernel Hardening to the Next Level
Black Hat via YouTube
The Power of Data-Oriented Attacks - Bypassing Memory Mitigation Using Data-Only Exploitation Techniques
Black Hat via YouTube
Mitigating Spectre Attacks Using CFI Informed Speculation
IEEE via YouTube