Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Counterfeit Object-Oriented Programming

IEEE via YouTube

Overview

Explore a comprehensive analysis of code reuse attacks and defenses in C++ applications, focusing on the novel Counterfeit Object-oriented Programming (COOP) technique. Delve into the vulnerabilities of existing defense mechanisms against COOP, including CFI solutions and C++-specific protections. Examine the Turing-complete nature of COOP in real-world scenarios, with practical demonstrations using exploits for Internet Explorer and Firefox. Gain insights into the challenges of constructing COOP-resilient defenses without source code access, and understand the implications for future security measures against control flow hijacking attacks.

Syllabus

Intro
Introduction: Code-reuse attacks
Introduction: Defenses
Background: C++ object layouts
COOP Motivation
Control flow in COOP
The Main Loop (2)
Attacker-injected data
Adding values (ARITH-G)
Writing to memory W-G
Proof of concept exploits
Applicability
Properties of COOP
How to prevent COOP?
Defenses Review

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of Counterfeit Object-Oriented Programming

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.