Hong Hu - Hacking Data-Flow for Turing-Complete Attacks
From Katie Gentilello March 2nd, 2018
54 plays
54
0 comments
0
Related Media
Control-flow hijacking attacks from memory errors become more and more difficult as targeted defense mechanisms gain wide deployment. As an alternative, non-control data attacks do not require diverting the application’s control flow, and thus can bypass existing advanced defense mechanisms. Although it is known that such data-oriented attacks can mount significant damage, we are not clear about their real expressiveness. In this talk, Dr. Hu will first present data-flow stitching, a systematic method to build data-oriented attacks. Instead of corrupting individual data inside the program, data-flow stitching breaks existing data-flows and connects the fragments in a malicious manner, thus enabling systematic construction. Then I will propose data-oriented programming, a novel method to build expressive data-oriented attacks, even Turing-complete attacks. Finally, Dr.Hu will show data-oriented attacks against Chromium that bypass the fundamental SOP policy.
https://mediaspace.gatech.edu/media/hu/1_j3dophcm
https://mediaspace.gatech.edu/media/hu/1_j3dophcm
- Tags
- name
- Hong Hu
- Date
- February 23rd, 2018
- Appears In
Link to Media Page
Loading