Control-Flow Bending - On the Effectiveness of Control-Flow Integrity

Offered By: USENIX via YouTube

Course Description

Overview

Explore a conference talk from USENIX Security '15 that examines the effectiveness of Control-Flow Integrity (CFI) as a defense against control-flow hijacking attacks. Delve into the research conducted by experts from the University of California, Berkeley, ETH Zürich, and Purdue University as they challenge common evaluation metrics and reveal limitations in fully-precise static CFI security. Learn about Control-Flow Bending (CFB), a generalization of non-control-data attacks, and its implications for achieving Turing-complete computation using standard library calls. Analyze the evaluation results of CFI on six real binaries and understand why CFI may not be a reliable defense against memory corruption vulnerabilities. Additionally, examine the role of shadow stacks in combination with CFI and their impact on enhancing security measures.

Syllabus

Intro
Background
Control-Flow Integrity
Shadow Stacks
Prior Work: Weak CFI is broken
Return to Libc: Challenges
Dispatcher Functions
Evaluation (part 1)
Evaluation (part 2)
Printf-Oriented Programming
Conclusion
Questions?


Taught by

USENIX
