Go With the Flow - Enforcing Program Behavior Through Syscall Sequences and Origins

Explore a groundbreaking approach to application security in this 35-minute Black Hat conference talk. Delve into the concept of syscall-flow-integrity protection (SFIP), a novel method for limiting control flow across security domains, particularly user-to-kernel transfers. Learn how SFIP addresses the limitations of traditional security measures like control-flow integrity (CFI) that only operate within a single security domain. Understand the increasing vulnerabilities in complex applications and discover how SFIP can enhance protection against potential attacks by enforcing program behavior through syscall sequences and origins. Gain insights from speaker Claudio Canella on this innovative security strategy that aims to fortify applications against sophisticated threats in an era of growing software complexity.

Go With the Flow: Enforcing Program Behavior Through Syscall Sequences and Origins