Forschungstreffen 15294
The Continuing Arms Race: Code-Reuse Attacks and Defenses
( 12. Jul – 15. Jul, 2015 )
(zum Vergrößern in der Bildmitte klicken)
Permalink
Bitte benutzen Sie folgende Kurz-Url zum Verlinken dieser Seite:
https://www.dagstuhl.de/15294
Organisatoren
- Ulfar Erlingsson (Google Inc. - Mountain View, US)
- Thorsten Holz (Ruhr-Universität Bochum, DE)
- Per Larsen (University of California - Irvine, US)
- Ahmad-Reza Sadeghi (TU Darmstadt, DE)
Kontakt
- Heike Clemens (für administrative Fragen)
Dagstuhl Seminar Wiki
- Dagstuhl Seminar Wiki (Use personal credentials as created in DOOR to log in)
Gemeinsame Dokumente
- Dagstuhl Materials Page (Use personal credentials as created in DOOR to log in)
Programm
Code reuse attacks pose a severe threat to modern software, silently breaching and infecting various systems ranging from desktop PCs to mobile and embedded systems. They can bypass many deployed defenses including data execution prevention and memory randomization (ASLR). The design and development of practical and effective defenses against code reuse attacks is extremely challenging and has recently become a hot research topic. Code-reuse with its most prominent instantiation return-oriented programming (ROP) may seem like a solved problem given the high scores of papers on possible defenses recently published on established security conferences. Unfortunately, many proposed defenses make assumptions that a sufficiently determined and resourced attacker can skirt, or require system changes that are highly challenging to transfer into practice; and frequently both.
This seminar will bring together researchers and practitioners to analyze the state-of-the-art in code reuse attacks and mitigations, to devise improved approaches, and to establish a roadmap for future research and practice.
Keywords Code-reuse attacks, code-reuse mitigations, return-oriented programming, control-flow integrity, software diversity, compilation, binary rewriting, JIT-compilation, operating systems, browsers
