
Data-Oriented Attacks: Expressiveness, Construction and Application


Time: Tuesday, 21 February 2017, 10:00 am to 12:00 noon

Venue: Room 3-225, Information Technology Building (FIT), Tsinghua University


The offense-defense race around memory errors has gone on for nearly thirty years. As protection mechanisms have matured, attacks on control flow have become increasingly difficult. A small number of attacks on data flow have shown how damaging they can be, yet data-flow attacks remain poorly understood. We studied data-oriented attacks in depth, proposed a systematic method for constructing them, and showed that their expressive power is Turing-complete. Finally, we built data-oriented attacks against the mainstream browser Chromium and successfully bypassed the same-origin policy.

As defense solutions against control-flow hijacking attacks gain wide deployment, control-oriented exploits of memory errors become difficult. As an alternative, attacks targeting non-control data do not require diverting the application's control flow during an attack. Although it is known that such data-oriented attacks can cause significant damage, their real expressiveness is not well understood. In this talk, we present data-flow stitching, a systematic method to build data-oriented attacks. We then propose data-oriented programming to demonstrate that data-oriented attacks can be Turing-complete. Finally, we build data-oriented attacks on Chromium to bypass the fundamental SOP (same-origin policy) enforcement.
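The abstract rests on one distinction: a control-oriented exploit redirects execution (return address, function pointer), whereas a data-oriented one leaves every branch target intact and instead corrupts the data the intact program reasons over. The following C program is an added illustration of that principle written for this page; it is not code from the talk or the Chromium attack, and it does not implement data-flow stitching or data-oriented programming. The record layout, the `set_name_*` functions and the payload are constructed for the example. An unchecked copy overflows a name buffer into an adjacent privilege flag inside the same struct; `authorize()` runs exactly the same instructions as before, but now returns a different answer. The hardened variant beside it shows the single bounds check that closes the hole.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size name buffer followed by a privilege
 * flag. The flag is non-control data: it is consulted by a branch, but it
 * is never itself a branch target. */
struct record {
    char name[16];
    int  is_admin;
};

/* Vulnerable (constructed for the example): trusts the caller's length.
 * The write is expressed on the struct's byte representation so the
 * overflow stays inside the object and corrupts only is_admin; no return
 * address or code pointer is touched, which is what makes this a
 * data-oriented rather than control-oriented corruption. */
static void set_name_unchecked(struct record *rec,
                               const unsigned char *input, size_t len)
{
    memcpy((unsigned char *)rec + offsetof(struct record, name), input, len);
}

/* Hardened: clamps the copy to the field and NUL-terminates. */
static void set_name_checked(struct record *rec,
                             const unsigned char *input, size_t len)
{
    size_t n = len < sizeof rec->name - 1 ? len : sizeof rec->name - 1;
    memcpy(rec->name, input, n);
    rec->name[n] = '\0';
}

/* The program's decision logic. Its control flow is identical for every
 * input; only the data it reads differs. */
static int authorize(const struct record *rec)
{
    return rec->is_admin != 0;
}

/* Constructed payload: fill the name field, then place the bytes of the
 * integer 1 exactly where is_admin lives. Returns the payload length. */
static size_t build_payload(unsigned char *out, size_t cap)
{
    const size_t flag_off = offsetof(struct record, is_admin);
    const size_t total = flag_off + sizeof(int);
    int one = 1;

    if (cap < total)
        return 0;
    memset(out, 'A', flag_off);
    memcpy(out + flag_off, &one, sizeof one);
    return total;
}

/* Runs the scenario with either the vulnerable or the hardened setter and
 * returns what authorize() decides. Expected: 1 (granted) for the
 * unchecked path, 0 (denied) for the checked one. */
int run_scenario(int use_checked)
{
    struct record rec;
    unsigned char payload[sizeof(struct record)];
    size_t len = build_payload(payload, sizeof payload);

    memset(&rec, 0, sizeof rec);          /* unprivileged user */
    if (use_checked)
        set_name_checked(&rec, payload, len);
    else
        set_name_unchecked(&rec, payload, len);
    return authorize(&rec);
}

int main(void)
{
    printf("unchecked copy: authorized = %d\n", run_scenario(0));
    printf("checked copy:   authorized = %d\n", run_scenario(1));
    return 0;
}
```

The point to take from the example is that a control-flow integrity check would report nothing here: the sequence of executed basic blocks is the same in both runs. Defenses for this class of bug have to reason about which data a memory write may legitimately reach, which is exactly the gap the talk's data-flow stitching and data-oriented programming results probe.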



Dr. Hong Hu received his PhD from the National University of Singapore in 2016, advised by Prof. Zhenkai Liang. His research lies in systems security and currently centres on the detection, exploitation and defense of memory errors. His work has appeared at security venues including Oakland, USENIX, CCS, ESORICS and ICECCS, and received the ICECCS Best Paper Award. Dr. Hu will join Prof. Wenke Lee's group at Georgia Tech as a postdoctoral researcher.

Dr. Hong Hu obtained his PhD from the National University of Singapore, advised by Prof. Zhenkai Liang. He also works closely with Prof. Prateek Saxena. His research interest is systems security; currently he works on the detection, exploitation and defense of memory errors. His research has been published at Oakland, USENIX, CCS, ESORICS, ICECCS and other venues, and he received the Best Paper Award at ICECCS 2014. Dr. Hu will join Georgia Tech for a two-year postdoc.

Contact: Haixin Duan, duanhx@tsinghua.edu.cn, Institute for Network Sciences and Cyberspace, Tsinghua University

