a beautiful journey
play

A Beautiful Journey Lorenzo Cavallaro - PowerPoint PPT Presentation

Sep 20, 2023 •232 likes •969 views

A Beautiful Journey Memory Error Protections The Aftermath Conclusions A Beautiful Journey Lorenzo Cavallaro <Lorenzo.Cavallaro@rhul.ac.uk> Information Security Group Royal Holloway, University of London Jan, 26 2012 Lorenzo

  1. A Beautiful Journey Memory Error Protections The Aftermath Conclusions A Beautiful Journey Lorenzo Cavallaro <Lorenzo.Cavallaro@rhul.ac.uk> Information Security Group Royal Holloway, University of London Jan, 26 2012 Lorenzo Cavallaro A Beautiful Journey 1/52

  2. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Who Am I? Post-doc researcher, VU Amsterdam, working with: (Jan 2010–Dec 2011) Prof. Andy Tanenbaum (OS dependability) Prof. Herbert Bos (memory errors, malware analysis, and taint analysis) Post-doc researcher, UC at Santa Barbara, working with: (Apr 2008–Jan 2010) Prof. Giovanni Vigna and Prof. Christopher Kruegel (malware analysis and detection) Visiting PhD student, Stony Brook University, working with: (Sep 2006–Feb 2008) Prof. R. Sekar (memory errors protections, taint analysis, malware analysis) Lorenzo Cavallaro A Beautiful Journey 2/52

  3. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Who Am I? Post-doc researcher, VU Amsterdam, working with: (Jan 2010–Dec 2011) Prof. Andy Tanenbaum (OS dependability) Prof. Herbert Bos (memory errors, malware analysis, and taint analysis) Post-doc researcher, UC at Santa Barbara, working with: . . . Since Jan 2012, a happy Lecturer in the ISG :-) (Apr 2008–Jan 2010) Prof. Giovanni Vigna and Prof. Christopher Kruegel (malware analysis and detection) Visiting PhD student, Stony Brook University, working with: (Sep 2006–Feb 2008) Prof. R. Sekar (memory errors protections, taint analysis, malware analysis) Lorenzo Cavallaro A Beautiful Journey 2/52

  4. A Beautiful Journey

  5. A Beautiful Journey Memory Error Protections The Aftermath Conclusions (Some of the) Threats on the Internet Mallory Attacks Home banking, e- The Internet commerce, e-mail, www, . . . Bob Lorenzo Cavallaro A Beautiful Journey 4/52

  6. A Beautiful Journey Memory Error Protections The Aftermath Conclusions (Some of the) Threats on the Internet Mallory Attacks NIDS HIDS Home banking, e- The Internet commerce, e-mail, www, . . . Protocol Verification Bob (Offense) Disarming Memory errors Lorenzo Cavallaro A Beautiful Journey 4/52

  7. A Beautiful Journey Memory Error Protections The Aftermath Conclusions (Some of the) Threats on the Internet Mallory Attacks NIDS MalWeb HIDS Home banking, e- The Internet commerce, e-mail, www, . . . Protocol Verification Bob (Offense) Disarming Phishing, C&C, FastFlux, Drive Memory errors by Download Lorenzo Cavallaro A Beautiful Journey 4/52

  8. A Beautiful Journey Memory Error Protections The Aftermath Conclusions (Some of the) Threats on the Internet Mallory Attacks Malware Analysis/Detection NIDS MalWeb HIDS Home banking, e- Taint Analysis Limits The Internet commerce, e-mail, www, . . . Protocol Verification Bob (Offense) Disarming Phishing, C&C, FastFlux, Drive Memory errors by Download Lorenzo Cavallaro A Beautiful Journey 4/52

  9. A Beautiful Journey Memory Error Protections The Aftermath Conclusions (Some of the) Threats on the Internet Mallory Attacks Malware Analysis/Detection NIDS MalWeb HIDS Home banking, e- Taint Analysis Limits Pretty messy, huh ?! The Internet commerce, e-mail, www, . . . Protocol Verification Bob (Offense) Disarming Phishing, C&C, FastFlux, Drive Memory errors by Download Lorenzo Cavallaro A Beautiful Journey 4/52

  10. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Timeline of my research Botnet Analysis & Detection Network Intrusion Detection Systems Taint Analysis on Benign & (Limits on) Malicious Software Host Intrusion Detection Systems Memory Error Protections (Offense) Disarming (Diversification & Bounds Checking) 1999 2000 2005 2006 2007 2008 2009 2010 2011 2012 Trusted Computing OS Dependability & (Protocol Verification) Hardware-supported Virtualization Lorenzo Cavallaro A Beautiful Journey 5/52

  11. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Timeline of my research Botnet Analysis & Detection Network Intrusion Detection Systems Taint Analysis on Benign & (Limits on) Malicious Software Host Intrusion Detection Systems Memory Error Protections (Offense) Disarming Diversification (& Bounds Checking) 1999 2000 2005 2006 2007 2008 2009 2010 2011 2012 Trusted Computing OS Dependability & (Protocol Verification) Hardware-supported Virtualization Lorenzo Cavallaro A Beautiful Journey 5/52

  12. Diversified Process Replicæ

  13. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Memory Error A memory error occurs when an object accessed using a pointer expression is different from the one intended (the referent) Out-of-bounds access (e.g., buffer overflow) Access using a corrupted pointer (e.g., buffer overflow, format bug) Uninitialized pointer access, dangling pointers, . . . Memory error exploitation generally relies on Data corruption Gathering information on memory location addresses Ability to execute code (sometimes) Lorenzo Cavallaro A Beautiful Journey 7/52

  14. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Memory Error A memory error occurs when an object accessed using a pointer expression is different from the one intended (the referent) Out-of-bounds access (e.g., buffer overflow) Access using a corrupted pointer (e.g., buffer overflow, format bug) Uninitialized pointer access, dangling pointers, . . . Memory error exploitation generally relies on Data corruption Gathering information on memory location addresses Ability to execute code (sometimes) Lorenzo Cavallaro A Beautiful Journey 7/52

  15. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Memory Error A classic Code Pointer Corruption High Addresses ✞ i n t foo ( char ∗ i n p u t ) { char l b u f [ 6 4 ] ; input i n t i ; saved return address saved frame pointer f o r ( i = 0; i < s t r l e n ( i n p u t ) ; i ++) Stack Growth l b u f [ i ] = i n p u t [ i ] ; lbuf[63] lbuf[62] return 0; ✝ ✆ ✡ lbuf[0] Low Addresses Lorenzo Cavallaro A Beautiful Journey 8/52

  16. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Memory Error The exploit Well-known way to subvert/divert a legal process execution flow Usually overwrite control-data with absolute known values: Saved return addresses Application-specific function pointers “Other” function pointers (e.g., GOT , .dtors , C++ virtual pointers) Not only related to control flow hijacking. . . Lorenzo Cavallaro A Beautiful Journey 9/52

  17. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Memory Error The exploit Well-known way to subvert/divert a legal process execution flow Usually overwrite control-data with absolute known values: Saved return addresses Application-specific function pointers “Other” function pointers (e.g., GOT , .dtors , C++ virtual pointers) Not only related to control flow hijacking. . . (buffer overflow, format string bug, integer overflow, etc) Lorenzo Cavallaro A Beautiful Journey 9/52

  18. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Artificial Diversity Biological Diversity Plays a crucial role for the survivability of every biological species Memory error exploits rely on using well-known memory addresses ⇒ Make systems appear different ! Address Space Layout Randomization (ASLR) Fine-grained Address Space Randomization (ASR) Instruction Set Randomization (ISR) Lorenzo Cavallaro A Beautiful Journey 10/52

  19. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Artificial Diversity Biological Diversity Plays a crucial role for the survivability of every biological species Memory error exploits rely on using well-known memory addresses ⇒ Make systems appear different ! Address Space Layout Randomization (ASLR) Fine-grained Address Space Randomization (ASR) Instruction Set Randomization (ISR) Lorenzo Cavallaro A Beautiful Journey 10/52

  20. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Artificial Diversity Examples: ASLR & Fine-grained ASR 0x0 0x0 0x0 0x08048000 0x08048000 0x08048000 0x080XXXXX text text text data data data bss bss heap heap bss heap 0x40000000 0x40000000 0x40000000 mmap area 0x40XXX000 0x40XXX000 mmap area mmap area stack stack 0xbfXXXXXX 0xbfXXXXXX stack unmapped unmapped 0xbfffffff 0xbfffffff 0xbfffffff Lorenzo Cavallaro A Beautiful Journey 11/52

  21. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Artificial Diversity Limitations Such forms of artificial diversity Require high entropy Rely on keeping secrets . . . Disclosed by information leakage attacks . . . Defeated by brute forcing attacks Hard to counteract Partial memory overwriting attacks Most arbitrary data corruption Provides probabilistic protection Lorenzo Cavallaro A Beautiful Journey 12/52

  22. A Beautiful Journey Memory Error Protections The Aftermath Conclusions Artificial Diversity Limitations Such forms of artificial diversity Require high entropy Rely on keeping secrets . . . Disclosed by information leakage attacks . . . Defeated by brute forcing attacks Hard to counteract Partial memory overwriting attacks Most arbitrary data corruption Provides probabilistic protection Lorenzo Cavallaro A Beautiful Journey 12/52

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Here we go Yuck! Smelly cows! Where next???? Next stop, Calstock!!! What a beautiful day!!!!

Here we go Yuck! Smelly cows! Where next???? Next stop, Calstock!!! What a beautiful day!!!!

Here we go Yuck! Smelly cows! Where next???? Next stop, Calstock!!! What a beautiful day!!!! This is where we need to go next. We passed under the viaduct. Exciting!!! Toby Start of my journey. At the start of my journey my weakness was

545 views • 19 slides
Keep Texas Beautiful Partnership Keep Texas Beautiful Mission : To educate and engage Texans to

Keep Texas Beautiful Partnership Keep Texas Beautiful Mission : To educate and engage Texans to

Keep Texas Beautiful Partnership Keep Texas Beautiful Mission : To educate and engage Texans to take responsibility for improving their community environment Vision : To make Texas the cleanest, most beautiful state in the nation Focus Areas :

138 views • 12 slides
How to make beautiful 3D text How How How to to to make make make beautiful beautiful

How to make beautiful 3D text How How How to to to make make make beautiful beautiful

How to make beautiful 3D text How How How to to to make make make beautiful beautiful beautiful 3D 3D 3D text text text http://www.presentation-3d.com Now introduce you how to do a beautiful 3D text, the general 3d text do you

640 views • 5 slides
Keep America Beautiful: Do Beautiful Things W HAT IS K EEP A MERICA B EAUTIFUL ? Established in

Keep America Beautiful: Do Beautiful Things W HAT IS K EEP A MERICA B EAUTIFUL ? Established in

Keep America Beautiful: Do Beautiful Things W HAT IS K EEP A MERICA B EAUTIFUL ? Established in 1953 Seeks to: 600 Affiliates Nationwide 43 Affiliates in the State of Florida IN 2018 Activated 3.4 million Cleaned 71,000 miles of

156 views • 14 slides
PRESENTATION From nature to culture, a journey to the Age of Enlightenment THE SITE Situated in

PRESENTATION From nature to culture, a journey to the Age of Enlightenment THE SITE Situated in

PRESENTATION From nature to culture, a journey to the Age of Enlightenment THE SITE Situated in a beautiful location overlooking the immense curve of Lake Geneva, just a few minutes from Nyon and less than half an hour from Lausanne and Geneva,

367 views • 11 slides
A MONUMENTAL JOURNEY A MONUMENTAL JOURNEY PURPOSE A MONUMENTAL JOURNEY, SCULPTURE TO PRESERVE

A MONUMENTAL JOURNEY A MONUMENTAL JOURNEY PURPOSE A MONUMENTAL JOURNEY, SCULPTURE TO PRESERVE

A MONUMENTAL JOURNEY A MONUMENTAL JOURNEY PURPOSE A MONUMENTAL JOURNEY, SCULPTURE TO PRESERVE THE LEGACY OF AFRICAN-AMERICAN LAWYERS WHO, IN 1925, FOUNDED THE NATIONAL BAR ASSOCIATION (NBA), FULLY DEDICATED TO CIVIL RIGHTS, JUSTICE, AND

677 views • 11 slides
The Heros Journey The Heros Journey the hero's journey, is the common template of stories

The Heros Journey The Heros Journey the hero's journey, is the common template of stories

The Heros Journey The Heros Journey the hero's journey, is the common template of stories that involves a hero who goes on an adventure to a new world, and in a decisive crisis wins a victory, and then comes home changed or transformed.

419 views • 9 slides
The journey so far Greater Manchester: a snapshot picture The journey so far Who we are

The journey so far Greater Manchester: a snapshot picture The journey so far Who we are

The journey so far T he 22 billion question how can data help Greater Manchester optimise the impact of public services on population health? Jon Rouse, Chief Officer The journey so far Greater Manchester: a snapshot picture The journey

528 views • 52 slides
Jo Journey of In Indonesia Accounting Standards Now committed towards our journey to 2018

Jo Journey of In Indonesia Accounting Standards Now committed towards our journey to 2018

Jo Journey of In Indonesia Accounting Standards Now committed towards our journey to 2018 introduce a fully IFRS convergence converged SAK (with journey continues, 2016 I FRS ), as part of maintain the 1-year Indonesia financial Issued a

167 views • 3 slides
THE CACCETTA-H AGGKVIST CONJECTURE Adrian Bondy What is a beautiful conjecture? The

THE CACCETTA-H AGGKVIST CONJECTURE Adrian Bondy What is a beautiful conjecture? The

THE CACCETTA-H AGGKVIST CONJECTURE Adrian Bondy What is a beautiful conjecture? The mathematicians patterns, like the painters or the poets must be beautiful; the ideas, like the colors or the words must fit together in a

796 views • 43 slides
The portfolio, presentation and tour The Beautiful Scotland process provides your group with three

The portfolio, presentation and tour The Beautiful Scotland process provides your group with three

The portfolio, presentation and tour The Beautiful Scotland process provides your group with three opportunities to impress the judges, to show off your achievements ( these must all be relevant to the three pillars of Beautiful Scotland ), and to

118 views • 7 slides
Beyond Beyond Journey Journey Times Times Bluetooth journey time process Moving beyond basic

Beyond Beyond Journey Journey Times Times Bluetooth journey time process Moving beyond basic

Beyond Beyond Journey Journey Times Times Bluetooth journey time process Moving beyond basic journey times Modelling Route analysis Traveller segmentation Visualisation and interaction Raw observation vs modelling Moving from what

668 views • 28 slides
THE DREAM Esther 2:2-4 NIV Let a search be made for beautiful young virgins for the king. Let

THE DREAM Esther 2:2-4 NIV Let a search be made for beautiful young virgins for the king. Let

THE DREAM Esther 2:2-4 NIV Let a search be made for beautiful young virgins for the king. Let the kin appoint commissioners in every province of his realm to bring all these beautiful young women into the harem at the citadel of Susa.

491 views • 10 slides
E F K ON IN D IA C O M P A N Y O V E R V I E W Smooth Journey, Safe Journey. CITIES | HIGHWAYS

E F K ON IN D IA C O M P A N Y O V E R V I E W Smooth Journey, Safe Journey. CITIES | HIGHWAYS

E F K ON IN D IA C O M P A N Y O V E R V I E W Smooth Journey, Safe Journey. CITIES | HIGHWAYS | TUNNELS | LOGISTICS | FINANCIAL INSTITUTIONS EFKON INDIA AT A GLANCE 700+ 30+ 100% subsidiary Top 25 innovative company award by CII

515 views • 17 slides
Beautiful Bijections for Permutation Lara Pudwell Patterns Pattern- Avoiding Permutations

Beautiful Bijections for Permutation Lara Pudwell Patterns Pattern- Avoiding Permutations

Beautiful Bijections for Permutation Patterns Beautiful Bijections for Permutation Lara Pudwell Patterns Pattern- Avoiding Permutations Strategy Lara Pudwell Beautiful Valparaiso University Bijections Compositions Dyck Paths Others?

567 views • 43 slides
Our Journey Our Journey and the Future to 2030 DNA Arise into of Arise the Future Successes

Our Journey Our Journey and the Future to 2030 DNA Arise into of Arise the Future Successes

Our Journey Our Journey and the Future to 2030 DNA Arise into of Arise the Future Successes and Highlights The Story of Arise The start of our journey Arise Key Milestones September First close signing Supervisory Board in place 2015

556 views • 36 slides
22:010:622 Internet Technology and E-Business Dr. Peter R. Gillett Associate Professor

22:010:622 Internet Technology and E-Business Dr. Peter R. Gillett Associate Professor

22:010:622 Internet Technology and E-Business Dr. Peter R. Gillett Associate Professor Department of Accounting &amp; Information Systems Rutgers Business School Newark &amp; New Brunswick Dr. Peter R Gillett April 23, 2003 1 Outline

777 views • 40 slides
Bot-based IT Troubleshooting Benjamin Braun advised by Jonas Jelten, Simon Bauer Friday 11 th

Bot-based IT Troubleshooting Benjamin Braun advised by Jonas Jelten, Simon Bauer Friday 11 th

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Bot-based IT Troubleshooting Benjamin Braun advised by Jonas Jelten, Simon Bauer Friday 11 th January, 2019 Chair of Network Architectures and

616 views • 27 slides
Multimodal Chatbots Nancy Xu Googles UI hasnt changed much in 20 years. Information

Multimodal Chatbots Nancy Xu Googles UI hasnt changed much in 20 years. Information

Multimodal Chatbots Nancy Xu Googles UI hasnt changed much in 20 years. Information interfaces are ripe for disruption. The Internet looks like this Chatbots look like this Virtual assistants are opening doors for natural , dynamic

589 views • 7 slides
Advisory Committee on Immunization Practices (ACIP) MEETING OF THE ADVISORY COMMITTEE ON

Advisory Committee on Immunization Practices (ACIP) MEETING OF THE ADVISORY COMMITTEE ON

Centers for Disease Control and Prevention Centers for Disease Control and Prevention Centers for Disease Control and Prevention Centers for Disease Control and Prevention National Center for Immunization and Respiratory Diseases National

400 views • 9 slides
Q3 2020 Results 30 th October 2020 Alison ison Rose se Chief Executive Officer 2 Q3 2020

Q3 2020 Results 30 th October 2020 Alison ison Rose se Chief Executive Officer 2 Q3 2020

Q3 2020 Results 30 th October 2020 Alison ison Rose se Chief Executive Officer 2 Q3 2020 results highlights Q320 Operating performance Impai airments nts CET1 1 ratio tio Resilient operating 3.1 billion 0.6 billion 18.2%

599 views • 29 slides
Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn

Foundations of Network and Foundations of Network and Computer Security Computer Security J ohn Black J Lecture #13 Oct 7 th 2004 CSCI 6268/TLEN 5831, Fall 2004 Announcements Two new readings were assigned How to 0wn the Internet in

768 views • 39 slides
Google Cloud Platform Intro Why GCP? Student-friendly Credits without credit-cards

Google Cloud Platform Intro Why GCP? Student-friendly Credits without credit-cards

Google Cloud Platform Intro Why GCP? Student-friendly Credits without credit-cards Ability to use pdx.edu accounts for credits Per-second billing Supports open-source APIs and tools to avoid vendor lock-in Go Kubernetes

1.64k views • 46 slides
Software Development &amp; Technology Your Study Plan, Fall 2011 Andrzej W asowski

Software Development &amp; Technology Your Study Plan, Fall 2011 Andrzej W asowski

Software Development &amp; Technology Your Study Plan, Fall 2011 Andrzej W asowski Curriculum Structure Software Technology Track Software Technology Track Primarily for you with limited or non IT experience Software Enginering Track

792 views • 58 slides

More recommend