YoVDO

Thread-Level Attack-Surface Reduction for Enhanced Security

Offered By: ACM SIGPLAN via YouTube

Tags

Return-oriented Programming Courses Bash Courses Linux Courses MariaDB Courses OpenSSH Courses Memcached Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Explore a groundbreaking approach to cybersecurity in this 22-minute conference talk from LCTES 2023. Delve into Thread-Level Attack-Surface Reduction (TLASR), a dynamic, context-aware method that significantly reduces the attack surface in multi-threaded applications. Learn how TLASR eliminates unused code on a thread level, utilizing the mmview Linux extension to support multiple text-segment views within a single process. Discover the impressive results achieved in popular applications like MariaDB, Memcached, OpenSSH, and Bash, where executable code visible from a single thread was reduced by 84 to 98.4 percent. Understand how this technique decreases ROP gadgets by 78–97%, rendering auto-ROP utilities ineffective and eliminating most CVE-related functions in glibc. Gain insights into the potential of TLASR for enhancing software security and mitigating buffer-overflow exploits through return-oriented programming.

Syllabus

[LCTES'23] Thread-Level Attack-Surface Reduction


Taught by

ACM SIGPLAN

Related Courses

Enter Sandbox
Black Hat via YouTube
Evaluation of the Executional Power in Windows Using Return Oriented Programming
IEEE via YouTube
Spectre Attacks Exploiting Speculative Execution
IEEE via YouTube
Return to the Zombie Gadgets - Undermining Destructive Code Reads via Code-Inference Attacks
IEEE via YouTube
ROP is Still Dangerous - Breaking Modern Defenses
USENIX via YouTube