YoVDO

Missing the Point(er) - On the Effectiveness of Code Pointer Integrity

Offered By: IEEE via YouTube

Tags

Cybersecurity Courses
Buffer Overflow Courses

Course Description

Overview

Explore a critical analysis of Code Pointer Integrity (CPI) in this IEEE Symposium on Security & Privacy conference talk. Delve into the effectiveness of CPI as a defense mechanism against memory corruption attacks, examining its promise to balance security and performance. Learn about the implementation of CPI on different architectures and its reliance on information hiding. Discover the vulnerabilities of CPI's safe region when it relies on information hiding, demonstrated through a proof-of-concept exploit against Nginx. Understand the importance of adequately protecting secrets in security mechanisms and the risks of relying on the difficulty of guessing without ensuring the absence of memory leaks. Gain insights into memory corruption attacks, complete memory safety for C/C++, and the trade-offs between security and performance in defense mechanisms.

Syllabus

Intro
Bottom Line Upfront
A Buffer Overflow
Control Flow Attack Example
Memory Corruption Attacks
Complete Memory Safety for C
CPI vs. Complete Memory Safety
How CPI Protects Pointers
CPI Underlying Assumptions
Info Leak without Memory Disclosure
Non-Crashing & Crashing Scenarios
Better Randomization
Conclusion
Thank You


Taught by

IEEE Symposium on Security and Privacy

Related Courses

Software Design Threats and Mitigations
University of Colorado System via Coursera
Information Security - 5 - Secure Systems Engineering
Indian Institute of Technology Madras via Swayam
Unlocking Information Security I: From Cryptography to Buffer Overflows
Tel Aviv University via edX
Unlocking Information Security
Tel Aviv University via edX
Buffer Overflow Exploits (Arabic) | OSCP Preparation
Udemy