Thread-Level Attack-Surface Reduction for Enhanced Security
Offered By: ACM SIGPLAN via YouTube
Course Description
Overview
This 22-minute conference talk from LCTES 2023 presents Thread-Level Attack-Surface Reduction (TLASR), a dynamic, context-aware method that significantly reduces the attack surface of multi-threaded applications. TLASR eliminates unused code at the thread level, using the mmview Linux extension to support multiple text-segment views within a single process. In popular applications such as MariaDB, Memcached, OpenSSH, and Bash, the executable code visible from a single thread was reduced by 84 to 98.4 percent. The technique decreases ROP gadgets by 78 to 97 percent, rendering auto-ROP utilities ineffective and eliminating most CVE-related functions in glibc. The talk also covers the potential of TLASR for enhancing software security and for mitigating buffer-overflow exploits that rely on return-oriented programming.
Syllabus
[LCTES'23] Thread-Level Attack-Surface Reduction
Taught by
ACM SIGPLAN
Related Courses
Enter Sandbox (Black Hat via YouTube)
Evaluation of the Executional Power in Windows Using Return Oriented Programming (IEEE via YouTube)
Spectre Attacks Exploiting Speculative Execution (IEEE via YouTube)
Return to the Zombie Gadgets - Undermining Destructive Code Reads via Code-Inference Attacks (IEEE via YouTube)
ROP is Still Dangerous - Breaking Modern Defenses (USENIX via YouTube)