Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Missing the Point(er) - On the Effectiveness of Code Pointer Integrity

IEEE via YouTube

Overview

Explore a critical analysis of Code Pointer Integrity (CPI) in this IEEE Symposium on Security & Privacy conference talk. Delve into the effectiveness of CPI as a defense mechanism against memory corruption attacks, examining its promise to balance security and performance. Learn about the implementation of CPI on different architectures and its reliance on information hiding. Discover the vulnerabilities of CPI's safe region when relying on information hiding, demonstrated through a proof-of-concept exploit against Nginx. Understand the importance of adequately protecting secrets in security mechanisms and the risks associated with relying on difficulty of guessing without ensuring the absence of memory leaks. Gain insights into memory corruption attacks, complete memory safety for C/C++, and the trade-offs between security and performance in defense mechanisms.

Syllabus

Intro
Bottom Line Upfront
A Buffer Overflow
Control Flow Attack Example
Memory Corruption Attacks
Complete Memory Safety for C
CPI vs. Complete Memory Safety
How CPI Protects Pointers
CPI Underlying Assumptions
Info Leak without Memory Disclosure
Non-Crashing & Crashing Scenarios
Better Randomization
Conclusion
Thank You

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of Missing the Point(er) - On the Effectiveness of Code Pointer Integrity

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.