Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Control-Flow Bending - On the Effectiveness of Control-Flow Integrity

USENIX via YouTube

Overview

Explore a conference talk from USENIX Security '15 that examines the effectiveness of Control-Flow Integrity (CFI) as a defense against control-flow hijacking attacks. Delve into the research conducted by experts from the University of California, Berkeley, ETH Zürich, and Purdue University as they challenge common evaluation metrics and reveal limitations in fully-precise static CFI security. Learn about Control-Flow Bending (CFB), a generalization of non-control-data attacks, and its implications for achieving Turing-complete computation using standard library calls. Analyze the evaluation results of CFI on six real binaries and understand why CFI may not be a reliable defense against memory corruption vulnerabilities. Additionally, examine the role of shadow stacks in combination with CFI and their impact on enhancing security measures.

Syllabus

Intro
Background
Control-Flow Integrity
Shadow Stacks
Prior Work: Weak CFI is broken
Return to Libc: Challenges
Dispatcher Functions
Evaluation (part 1)
Evaluation (part 2)
Printf-Oriented Programming
Conclusion
Questions?

Taught by

USENIX

Reviews

Start your review of Control-Flow Bending - On the Effectiveness of Control-Flow Integrity

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.