Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Return to the Zombie Gadgets - Undermining Destructive Code Reads via Code-Inference Attacks

IEEE via YouTube

Overview

Explore advanced cybersecurity concepts in this IEEE conference talk on undermining destructive code reads through code-inference attacks. Delve into the limitations of a defensive strategy that combines fine-grained address space layout randomization with the destruction of disclosed gadgets. Learn about novel attack tactics, including constructive reloads and code association via implicit reads, that render this mitigation ineffective. Examine concrete attack instantiations against popular applications and understand the cautionary implications for defensive approaches relying on in-place randomization. Gain insights into return-oriented programming, address space layout randomization (ASLR), just-in-time code reuse, and mitigation strategies for binary compatibility.

Syllabus

Intro
The Big Picture
Basics of Return-Oriented Programming
Basics of ASLR
Basics of Fine-grained ASLR
Basics of Just-in-Time Code Reuse
Mitigation Strategies
Challenges for Binary-Compatibility
No Execute After Read (NEAR)
Contributions
Undermining Destructive Reads
Take-aways

Taught by

IEEE Symposium on Security and Privacy

Reviews

Start your review of Return to the Zombie Gadgets - Undermining Destructive Code Reads via Code-Inference Attacks

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.