ESWEEK Logo ESWEEK 2015 Logo

Full day Tutorial

Title

The Beast in Your Memory: Modern Exploitation Techniques and Defenses

Presenters

Lucas Davi and Ahmad-Reza Sadeghi, Technische Universität Darmstadt and Intel Collaborative Research Institute for Secure Computing (ICRI-SC)

Abstract

Memory corruption attacks belong to the most-widely deployed attacks since almost three decades. These attacks have been already applied in the first famous Internet worm (the Morris worm in 1988). Today, they are used to compromise web browsers, launch iOS jailbreaks, and partially in zero day issues exploited in large-scale cyberattacks such as Stuxnet and Duqu. In particular, code-reuse techniques such as return-oriented programming undermine the security model of non-executable memory (the No-Execute Bit) and memory randomization. Defending against these attacks is a hot topic of research. In this tutorial, the attendees will be introduced to the state-of-the-art memory exploitation techniques and defenses. We give an overview of the main principles of memory exploitation covering stack smashing, return-into-libc, and return-oriented programming. We also elaborate on modern defenses such as control-flow integrity and memory randomization. In a hands-on lab, the attendees will construct proof-ofconcept exploits targeting mobile platforms (based on ARM).

Upcoming Conference

Important Dates

  • Abstract Submission
    March 23, 2015 (11:59 pm GMT-12)

  • Full Paper Submission
    March 30, 2015 (11:59 pm GMT-12)
    (Firm deadline)

  • Notification of Paper Acceptance
    June 08, 2015

  • Camera-ready version
    July 13, 2015

  • Conference
    Oct. 04-09, 2015

Information for Presentors

Advance Program

Electronic Proceedings

Registration

Organizing Committee

Conferences

Symposia

Workshops

Travel

Conference Venue

Social Program

Visa Information

Previous Conferences

Sponsoring societies
acm ieee
Industry/Academy Sponsors
Pictures on top right, coprighted to Yuri Demchenko.