12. – 15. Juli 2015, Event 15294

The Continuing Arms Race: Code-Reuse Attacks and Defenses


Ulfar Erlingsson (Google Inc. – Mountain View, US)
Thorsten Holz (Ruhr-Universität Bochum, DE)
Per Larsen (University of California – Irvine, US)
Ahmad-Reza Sadeghi (TU Darmstadt, DE)

Auskunft zu diesem Event erteilt

Heike Clemens


Gemeinsame Dokumente
Event Wiki
Programm des Events [pdf]

(Zum Einloggen bitte Seminarnummer und Zugangscode verwenden)

The Continuing Arms Race: Code-Reuse Attacks and Defenses

Code reuse attacks pose a severe threat to modern software, silently breaching and infecting various systems ranging from desktop PCs to mobile and embedded systems. They can bypass many deployed defenses including data execution prevention and memory randomization (ASLR). The design and development of practical and effective defenses against code reuse attacks is extremely challenging and has recently become a hot research topic. Code-reuse with its most prominent instantiation return-oriented programming (ROP) may seem like a solved problem given the high scores of papers on possible defenses recently published on established security conferences. Unfortunately, many proposed defenses make assumptions that a sufficiently determined and resourced attacker can skirt, or require system changes that are highly challenging to transfer into practice; and frequently both.

This seminar will bring together researchers and practitioners to analyze the state-of-the-art in code reuse attacks and mitigations, to devise improved approaches, and to establish a roadmap for future research and practice.

Keywords Code-reuse attacks, code-reuse mitigations, return-oriented programming, control-flow integrity, software diversity, compilation, binary rewriting, JIT-compilation, operating systems, browsers

Dagstuhl's Impact

Bitte informieren Sie uns, wenn eine Veröffentlichung ausgehend von
Ihrem Seminar entsteht. Derartige Veröffentlichungen werden von uns in der Rubrik Dagstuhl's Impact aufgelistet und separat in der Bibliothek präsentiert.