Thread-Level Attack-Surface Reduction for Enhanced Security
Offered By: ACM SIGPLAN via YouTube
Course Description
Overview
Explore a groundbreaking approach to cybersecurity in this 22-minute conference talk from LCTES 2023. Delve into Thread-Level Attack-Surface Reduction (TLASR), a dynamic, context-aware method that significantly reduces the attack surface in multi-threaded applications. Learn how TLASR eliminates unused code on a thread level, utilizing the mmview Linux extension to support multiple text-segment views within a single process. Discover the impressive results achieved in popular applications like MariaDB, Memcached, OpenSSH, and Bash, where executable code visible from a single thread was reduced by 84 to 98.4 percent. Understand how this technique decreases ROP gadgets by 78–97%, rendering auto-ROP utilities ineffective and eliminating most CVE-related functions in glibc. Gain insights into the potential of TLASR for enhancing software security and mitigating buffer-overflow exploits through return-oriented programming.
Syllabus
[LCTES'23] Thread-Level Attack-Surface Reduction
Taught by
ACM SIGPLAN
Related Courses
Connecting and Deploying Amazon ElastiCachePluralsight How to install an Open Source LMS - Part 1
Udemy Facebook's Use of Memcached for Caching and Storage Performance
Meta via YouTube SSRF PWNs - New Techniques and Stories
Hack In The Box Security Conference via YouTube RDMA Is Turing Complete, We Just Did Not Know It Yet
USENIX via YouTube