The Difficulty of Preventing Code Reuse Attacks
- Speaker: Felix Schuster, University of Bochum
- Date & Time: Monday 16 February 2015, 09:00 - 10:00
- Venue: Small Lecture Theatre, Microsoft Research Ltd, 21 Station Road, Cambridge, CB1 2FB
Abstract
In this talk, I will give a brief introduction to code reuse attacks – e.g., return-oriented programming – and give an overview of recent developments in defenses, including academic proposals as well as actually deployed ones such as EMET and CFG.
I will present my own work on two advanced attack techniques dubbed “Branch History Flushing” (RAID 2014) and “Counterfeit Object-oriented Programming” (short COOP; in submission). COOP abuses common artifacts in binary C++ code and breaks with long-held assumptions on the nature of code reuse attacks. Consequently, it bypasses a wide range of existing defenses including the recently proposed “Code-Pointer Separation” (practical “Code-Pointer Integrity”; OSDI 2014) and Windows 10’s CFG. I will discuss in particular why currently no strong defense against COOP exists that does not require access to a software’s source code and why designing a strong binary-only defense will be challenging.
The main takeaway should be that many of today’s defenses are built on improper assumptions and that even supposedly small “wiggle room” for an attacker can still lead to full system compromise.
Series
This talk is part of the Microsoft Research Cambridge, public talks series.