Max-Planck-Institut für Informatik
max planck institut
mpii logo Minerva of the Max Planck Society

MPI-INF or MPI-SWS or Local Campus Event Calendar

New for: D1, D2, D3, D4, D5
<< Previous Entry Next Entry >> New Event Entry Edit this Entry Login to DB (to update, delete)
What and Who
Title:50 Shades of CRE (Code Reuse Exploits)
Speaker:Herbert Bos
coming from:Vrije Universiteit Amsterdam
Speakers Bio:Herbert Bos is professor of Systems Security at  VU University Amsterdam. He obtained his Ph.D. from Cambridge University, and in recent years, obtained an ERC Starting Grant to work on reverse engineering and a VICI grant to work on techniques to detect vulnerabilities in binaries. He is proud of his students, 3 of whom (and 4 in his group) have won the Roger Needham PhD Award for best Ph.D. thesis in Europe. More importantly, he is the current PC chair of RAID and encourages you all to submit your best work there. 
Event Type:CISPA Distinguished Lecture Series
Visibility:D1, D2, D3, D4, D5, SWS, RG1, MMCI
We use this to send out email in the morning.
Level:Public Audience
Date, Time and Location
Date:Wednesday, 17 June 2015
Duration:60 Minutes
Building:E1 5
While exploitation of binary code in modern systems with all defenses up has become much more difficult than in the past, attackers still manage to seize control of even our most advanced systems---typically by reusing code already in the program. In this talk, I will explain why it is hard to thwart such attacks and sketch the two main approaches to stop them: diversification and control flow management (which includes all forms of control flow integrity). Diversification is all about trying to keep attackers from knowing about the code snippets they might want to use to construct malicious behaviour. Control flow management is trying to prevent attackers from diverting the control flow in the program. Both approaches are insanely hot and these days we have papers about new solutions coming out of the woodworks.  I will discuss some of the difficulties in getting this right and argue that, in theory at least, diversification is stronger than control flow integrity. Finally, I will sketch some of the work we are doing in this direction in my group.
Name(s):Sabine Nermerich
EMail:--email address not disclosed on the web
Video Broadcast
Video Broadcast:NoTo Location:
Tags, Category, Keywords and additional notes
Attachments, File(s):
Created by:Sabine Nermerich/AG4/MPII/DE, 05/27/2015 10:36 AMLast modified by:Uwe Brahm/MPII/DE, 11/24/2016 04:13 PM
  • Sabine Nermerich, 06/17/2015 08:55 AM
  • Sabine Nermerich, 05/27/2015 10:39 AM -- Created document.