Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Readactor: Practical Code Randomization Resilient to Memory Disclosure

IEEE via YouTube

Overview

Explore a groundbreaking defense against code-reuse attacks in this IEEE Symposium on Security & Privacy conference talk. Delve into Readactor, the first practical, fine-grained code randomization defense resilient to both static and dynamic return-oriented programming (ROP) attacks. Learn how this innovative approach addresses direct and indirect memory disclosure vulnerabilities, protects statically and dynamically generated code, and utilizes hardware features for execute-only memory. Discover the compiler-based code generation paradigm that hides code pointers from potential adversaries. Examine the implementation of Readactor in the Google Chromium browser and its V8 JIT compiler, and explore its efficiency with an average SPEC CPU2006 performance overhead of only 6.4%.

Syllabus

Intro
Adversary Model / Assumptions
Disclosure of Randomized Code
Code Disclosure
Preventing Direct Disclosure
Execute-Only EPT Mapping
Indirect Disclosure Attack
Code-Pointer Hiding
Readactor Compiler
Runtime Architecture
JIT Compiler Support
Evaluation
SPEC CPU2006
Conclusion

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of Readactor: Practical Code Randomization Resilient to Memory Disclosure

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.