Hong Hu - Hacking Data-Flow for Turing-Complete Attacks

From Katie Gentilello March 2nd, 2018

54 plays 0 comments

Control-flow hijacking attacks from memory errors become more and more difficult as targeted defense mechanisms gain wide deployment. As an alternative, non-control data attacks do not require diverting the application’s control flow, and thus can bypass existing advanced defense mechanisms. Although it is known that such data-oriented attacks can mount significant damage, we are not clear about their real expressiveness. In this talk, Dr. Hu will first present data-flow stitching, a systematic method to build data-oriented attacks. Instead of corrupting individual data inside the program, data-flow stitching breaks existing data-flows and connects the fragments in a malicious manner, thus enabling systematic construction. Then I will propose data-oriented programming, a novel method to build expressive data-oriented attacks, even Turing-complete attacks. Finally, Dr.Hu will show data-oriented attacks against Chromium that bypass the fundamental SOP policy.

https://mediaspace.gatech.edu/media/hu/1_j3dophcm

Tags: institute for information security & privacycybersecurity lecture seriesgeorgia techrecorded by gtlibraryspring 2018

name: Hong Hu
Date: February 23rd, 2018
Appears In: Open Scholarship

Comments
Related Media

Loading…

Hong Hu - Hacking Data-Flow for Turing-Complete Attacks

Related Media