just in time code reuse
play

Just-in-Time Code Reuse The more things change, the more they stay - PowerPoint PPT Presentation

Feb 18, 2024 •139 likes •1.42k views

Just-in-Time Code Reuse The more things change, the more they stay the same Kevin Z. Snow 1 Luca Davi 2 & C. Liebchen 2 A. Dmitrienko 2 F. Monrose 1 A.-R. Sadeghi 2 1 Department of Computer Science 2 CASED/Technische Universitt University

  1. Basics of Fine-grained ASLR Application ¡Run ¡1 Application ¡Run ¡2 Library ¡(e.g., ¡ user32.dll) Library ¡(e.g., ¡ user32.dll) Instruction RET Sequence 3 Instruction RET Sequence 1 Instruction RET Sequence 1 Instruction RET Sequence 2 Instruction RET Sequence 2 Instruction RET Sequence 3  Different ¡fine-­‑grained ¡ASLR ¡approaches ¡have ¡been ¡proposed ¡recently  ORP ¡[Pappas ¡et ¡al., ¡IEEE ¡Security ¡& ¡Privacy ¡2012]  ILR ¡[Hiser ¡et ¡al., ¡IEEE ¡Security ¡& ¡Privacy ¡2012]  STIR ¡[Wartell ¡et ¡al., ¡ACM ¡CCS ¡2012]  XIFER ¡[Davi ¡et ¡al., ¡ASIACCS ¡2013]  All ¡mi&gate ¡single ¡memory ¡disclosure ¡a0acks 10 Thursday, August 1, 13 10

  2. Inner Basic Block Randomization [Pappas et al., IEEE S&P 2012] • Instruction Reordering Original Randomized MOV EBX, &ptr MOV EAX, &string Thursday, August 1, 13 11

  3. Inner Basic Block Randomization [Pappas et al., IEEE S&P 2012] • Instruction Reordering Original Randomized MOV EBX, &ptr MOV EAX, &string MOV EAX, &string MOV EBX, &ptr Thursday, August 1, 13 11

  4. Inner Basic Block Randomization [Pappas et al., IEEE S&P 2012] • Instruction Reordering Original Randomized MOV EBX, &ptr MOV EAX, &string MOV EAX, &string MOV EBX, &ptr • Instruction Substitution Original Randomized MOV EBX, $0 Thursday, August 1, 13 11

  5. Inner Basic Block Randomization [Pappas et al., IEEE S&P 2012] • Instruction Reordering Original Randomized MOV EBX, &ptr MOV EAX, &string MOV EAX, &string MOV EBX, &ptr • Instruction Substitution Original Randomized MOV EBX, $0 XOR EBX,EBX Thursday, August 1, 13 11

  6. Inner Basic Block Randomization [Pappas et al., IEEE S&P 2012] • Instruction Reordering Original Randomized MOV EBX, &ptr MOV EAX, &string MOV EAX, &string MOV EBX, &ptr • Instruction Substitution Original Randomized MOV EBX, $0 XOR EBX,EBX • Register Re-Allocation (in case another register is free to use) Original Randomized MOV EAX, &ptr CALL *EAX Thursday, August 1, 13 11

  7. Inner Basic Block Randomization [Pappas et al., IEEE S&P 2012] • Instruction Reordering Original Randomized MOV EBX, &ptr MOV EAX, &string MOV EAX, &string MOV EBX, &ptr • Instruction Substitution Original Randomized MOV EBX, $0 XOR EBX,EBX • Register Re-Allocation (in case another register is free to use) Original Randomized MOV EAX, &ptr MOV EBX, &ptr CALL *EAX CALL *EBX Thursday, August 1, 13 11

  8. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original Thursday, August 1, 13 12

  9. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original BBL_1 BBL_2 BBL_3 Thursday, August 1, 13 12

  10. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original BBL_1 MOV EBX, EAX CALL 0x10FF BBL_2 MOV (ESP), EAX RET BBL_3 0x10FF: ADD EAX, ECX RET Thursday, August 1, 13 12

  11. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original BBL_1 MOV EBX, EAX CALL 0x10FF BBL_2 MOV (ESP), EAX RET BBL_3 0x10FF: ADD EAX, ECX RET Thursday, August 1, 13 12

  12. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original Randomized BBL_1 MOV EBX, EAX CALL 0x10FF BBL_2 MOV (ESP), EAX RET BBL_3 0x10FF: ADD EAX, ECX RET Thursday, August 1, 13 12

  13. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original Randomized BBL_1 BBL_2 MOV EBX, EAX 0x1000: CALL 0x10FF BBL_2 BBL_3 MOV (ESP), EAX 0x10A0: RET BBL_3 BBL_1 0x10FF: ADD EAX, ECX 0x10FF: RET Thursday, August 1, 13 12

  14. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original Randomized BBL_1 BBL_2 MOV EBX, EAX 0x1000: CALL 0x10FF BBL_2 BBL_3 MOV (ESP), EAX 0x10A0: RET BBL_3 BBL_1 0x10FF: ADD EAX, ECX MOV EBX, EAX 0x10FF: RET CALL 0x10A0 Thursday, August 1, 13 12

  15. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original Randomized BBL_1 BBL_2 MOV EBX, EAX 0x1000: CALL 0x10FF BBL_2 BBL_3 MOV (ESP), EAX 0x10A0: ADD EAX, ECX RET RET BBL_3 BBL_1 0x10FF: ADD EAX, ECX MOV EBX, EAX 0x10FF: RET CALL 0x10A0 Thursday, August 1, 13 12

  16. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original Randomized BBL_1 BBL_2 MOV EBX, EAX 0x1000: CALL 0x10FF BBL_2 BBL_3 MOV (ESP), EAX 0x10A0: ADD EAX, ECX RET RET BBL_3 BBL_1 0x10FF: ADD EAX, ECX MOV EBX, EAX 0x10FF: RET CALL 0x10A0 JMP 0x1000 Thursday, August 1, 13 12

  17. Basic Block Randomization [Wartell et al., ACM CCS 2012; Davi et al. AsiaCCS 2013] Original Randomized BBL_1 BBL_2 MOV EBX, EAX 0x1000: MOV (ESP), EAX CALL 0x10FF RET BBL_2 BBL_3 MOV (ESP), EAX 0x10A0: ADD EAX, ECX RET RET BBL_3 BBL_1 0x10FF: ADD EAX, ECX MOV EBX, EAX 0x10FF: RET CALL 0x10A0 JMP 0x1000 Thursday, August 1, 13 12

  18. Instruction Location Randomization [Hiser et al., IEEE S&P 2012] Original MOV EBX, EAX CALL 0x10FF MOV (ESP), EAX RET ADD EAX, ECX 0x10FF: RET Thursday, August 1, 13 13

  19. Instruction Location Randomization [Hiser et al., IEEE S&P 2012] Original Randomized MOV EBX, EAX MOV (ESP), EAX 0x1000: CALL 0x10FF MOV (ESP), EAX RET 0x12A0: RET RET 0x1F00: ADD EAX, ECX 0x10FF: CALL 0x3000 0x2000: RET MOV EBX, EAX 0x2500: ADD EAX, ECX 0x3000: Thursday, August 1, 13 13

  20. Instruction Location Randomization [Hiser et al., IEEE S&P 2012] Original Randomized MOV EBX, EAX MOV (ESP), EAX 0x1000: CALL 0x10FF MOV (ESP), EAX RET 0x12A0: RET RET 0x1F00: ADD EAX, ECX 0x10FF: CALL 0x3000 0x2000: RET MOV EBX, EAX 0x2500: 0x2500 -> 0x2000 ADD EAX, ECX 0x3000: 0x2000 -> 0x1000 0x1000 -> 0x12A0 0x3000 -> 0x1F00 Execution is driven by a fall-through map and a binary translation framework (Strata) Thursday, August 1, 13 13

  21. ¡Does ¡Fine-­‑Grained ¡ASLR ¡Provide ¡a ¡ Viable ¡Defense ¡in ¡the ¡Long ¡Run? ¡ Thursday, August 1, 13 14

  22. Contributions 15 Thursday, August 1, 13 15

  23. Contributions 1 A novel attack class that undermines fine-grained ASLR, dubbed just-in-time code reuse 15 Thursday, August 1, 13 15

  24. Contributions 1 A novel attack class that undermines fine-grained ASLR, dubbed just-in-time code reuse 2 We show that memory disclosures are far more damaging than previously believed 15 Thursday, August 1, 13 15

  25. Contributions 1 A novel attack class that undermines fine-grained ASLR, dubbed just-in-time code reuse 2 We show that memory disclosures are far more damaging than previously believed A prototype exploit framework that 3 demonstrates one instantiation of our idea, called JIT-ROP 15 Thursday, August 1, 13 15

  26. Assumptions Adversary Defender 16 Thursday, August 1, 13 16

  27. Assumptions Adversary Defender Non-Executable Stack and Heap 16 Thursday, August 1, 13 16

  28. Assumptions Adversary Fine-Grained ASLR Defender Non-Executable Stack and Heap 16 Thursday, August 1, 13 16

  29. Assumptions Adversary Memory Disclosure Vulnerability Fine-Grained ASLR Defender Non-Executable Stack and Heap 16 Thursday, August 1, 13 16

  30. Assumptions Control-Flow Vulnerability Adversary Memory Disclosure Vulnerability Fine-Grained ASLR Defender Non-Executable Stack and Heap 16 Thursday, August 1, 13 16

  31. Workflow of Just-In-Time Code Reuse Adversary 17 Thursday, August 1, 13 17

  32. Workflow of Just-In-Time Code Reuse Adversary Leak Code Pointer 17 Thursday, August 1, 13 17

  33. Workflow of Just-In-Time Code Reuse Adversary Leak Code Pointer Exploit Description (High-Level Language) 17 Thursday, August 1, 13 17

  34. Workflow of Just-In-Time Code Reuse Adversary Leak Code Pointer Exploit Description (High-Level Language) Vulnerable Application 17 Thursday, August 1, 13 17

  35. Workflow of Just-In-Time Code Reuse JIT -ROP Framework Adversary Leak Code Pointer Map Memory Exploit Description (High-Level Language) Vulnerable Application 17 Thursday, August 1, 13 17

  36. Workflow of Just-In-Time Code Reuse JIT -ROP Framework Adversary Leak Code Pointer Find ROP Map Sequences Memory Exploit (Gadgets) Description (High-Level Language) Vulnerable Application 17 Thursday, August 1, 13 17

  37. Workflow of Just-In-Time Code Reuse JIT -ROP Framework Adversary Leak Code Pointer Find ROP Map Sequences Memory Exploit (Gadgets) Description (High-Level Language) Find API Functions Vulnerable Application 17 Thursday, August 1, 13 17

  38. Workflow of Just-In-Time Code Reuse JIT -ROP Framework Adversary Leak Code Pointer Find ROP Map Sequences Memory Exploit (Gadgets) Description (High-Level Language) Find API Compile ROP Program Functions Vulnerable Application 17 Thursday, August 1, 13 17

  39. Workflow of Just-In-Time Code Reuse JIT -ROP Framework Adversary Leak Code Pointer Find ROP Map Sequences Memory Exploit (Gadgets) Description (High-Level Language) Find API Compile ROP Program Functions Vulnerable Application 17 Thursday, August 1, 13 17

  40. Challenges 18 Thursday, August 1, 13 18

  41. Challenges Map memory without crashing 18 Thursday, August 1, 13 18

  42. Challenges Map memory without crashing Find gadgets, APIs, and compile payload dynamically at runtime 18 Thursday, August 1, 13 18

  43. Challenges Map memory without crashing Find gadgets, APIs, and compile payload dynamically at runtime Fully automated 18 Thursday, August 1, 13 18

  44. Challenges Map memory without crashing Find gadgets, APIs, and compile payload dynamically at runtime Fully automated Demonstrate efficient, practical exploit 18 Thursday, August 1, 13 18

  45. ⇒ Our Approach Map Memory JIT Compile Find API Calls Find Gadgets observation: single leaked function pointer an entire code page is present 19 Thursday, August 1, 13 19

  46. ⇒ Our Approach Map Memory JIT Compile Find API Calls Find Gadgets observation: single leaked function pointer an entire code page is present f295afcad42b43 638b2bbf6381ff 72efc88bda4cc0 0732bba1575ccb eb7c025e6b8ad3 0c283baa9f03e4 7464fc814176cd 546bcee28e4232 initial code page 19 Thursday, August 1, 13 19

  47. ⇒ Our Approach Map Memory JIT Compile Find API Calls Find Gadgets observation: single leaked function pointer an entire code page is present ... push 0x1 call [-0xFEED] mov ebx, eax jmp +0xBEEF dec ecx xor ebx, ebx ... initial code page 19 Thursday, August 1, 13 19

  48. ⇒ Our Approach Map Memory JIT Compile Find API Calls Find Gadgets observation: single leaked function pointer an entire code page is present ... push 0x1 ... push 0x1 ... call [-0xFEED] call [-0xFEED] push 0x1 ... mov ebx, eax call [-0xFEED] mov ebx, eax push 0x1 jmp +0xBEEF mov ebx, eax call [-0xFEED] dec ecx jmp +0xBEEF jmp +0xBEEF mov ebx, eax xor ebx, ebx dec ecx jmp +0xBEEF ... xor ebx, ebx dec ecx dec ecx ... xor ebx, ebx xor ebx, ebx ... ... initial code page 19 Thursday, August 1, 13 19

  49. ⇒ Our Approach Map Memory JIT Compile Find API Calls Find Gadgets observation: single leaked function pointer an entire code page is present ... ... ... ... push 0x1 push 0x1 push 0x1 call call call [-0xFEED] ... push 0x1 ... [-0xFEED] [-0xFEED] mov ebx, eax mov ebx, eax push 0x1 mov ebx, eax ... jmp +0xBEEF jmp +0xBEEF jmp +0xBEEF call [-0xFEED] dec ecx call [-0xFEED] push 0x1 dec ecx dec ecx ... mov ebx, eax call [-0xFEED] mov ebx, eax push 0x1 jmp +0xBEEF mov ebx, eax call [-0xFEED] dec ecx jmp +0xBEEF jmp +0xBEEF mov ebx, eax xor ebx, ebx dec ecx jmp +0xBEEF ... xor ebx, ebx dec ecx dec ecx ... xor ebx, ebx xor ebx, ebx ... ... ... ... push 0x1 push 0x1 ... push 0x1 call ... call call [-0xFEED] [-0xFEED] [-0xFEED] mov ebx, eax mov ebx, eax mov ebx, eax jmp +0xBEEF jmp +0xBEEF jmp +0xBEEF dec ecx dec ecx initial code page dec ecx 19 Thursday, August 1, 13 19

  50. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets 20 Thursday, August 1, 13 20

  51. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets Desired Payload URLDownloadToFile (“http://...”, “bot.exe”); WinExec (“bot.exe”); ExitProcess (1); 20 Thursday, August 1, 13 20

  52. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets Desired Payload URLDownloadToFile (“http://...”, “bot.exe”); WinExec (“bot.exe”); ExitProcess (1); 20 Thursday, August 1, 13 20

  53. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets Vulnerable ¡Application Desired Payload Code ¡Page ¡Previously ¡Found URLDownloadToFile (“http://...”, “bot.exe”); WinExec (“bot.exe”); Sleep(...) ExitProcess (1); FindWindow(...)  needed ¡APIs ¡o\en ¡not ¡referenced ¡by ¡program GetActiveWindow(...) 20 Thursday, August 1, 13 20

  54. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets Vulnerable ¡Application Desired Payload Code ¡Page ¡Previously ¡Found URLDownloadToFile (“http://...”, “bot.exe”); WinExec (“bot.exe”); Sleep(...) LoadLibrary(“library.dll”); LoadLibrary(“library.dll”); ExitProcess (1); LoadLibrary(“library.dll”); FindWindow(...) GetProcAddress(“func1”) GetProcAddress(“func1”) GetProcAddress(“func1”)  needed ¡APIs ¡o\en ¡not ¡referenced ¡by ¡program  dynamic ¡library ¡and ¡func&on ¡loading ¡is ¡common GetActiveWindow(...) GetProcAddress(“func2”) GetProcAddress(“func2”) GetProcAddress(“func2”)  solu&on: ¡scan ¡for ¡ LoadLibrary ¡and ¡ GetProcAddress ¡references ¡instead 20 Thursday, August 1, 13 20

  55. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets Vulnerable ¡Application With Dynamic Loading Desired Payload LoadLibrary (“urlmon.dll”); Code ¡Page ¡Previously ¡Found URLDownloadToFile (“http://...”, “bot.exe”); GetProcAddress (@, “ URLDownloadT oFile ”); WinExec (“bot.exe”); Sleep(...) @ (“http://...”, “bot.exe”); LoadLibrary(“library.dll”); LoadLibrary(“library.dll”); ExitProcess (1); LoadLibrary(“library.dll”); LoadLibrary (“kernel32.dll”); GetProcAddress (@, “ WinExec ”); FindWindow(...) GetProcAddress(“func1”) GetProcAddress(“func1”) GetProcAddress(“func1”) @ (“bot.exe”);  needed ¡APIs ¡o\en ¡not ¡referenced ¡by ¡program ...  dynamic ¡library ¡and ¡func&on ¡loading ¡is ¡common GetActiveWindow(...) GetProcAddress(“func2”) GetProcAddress(“func2”) GetProcAddress(“func2”)  solu&on: ¡scan ¡for ¡ LoadLibrary ¡and ¡ GetProcAddress ¡references ¡instead 20 Thursday, August 1, 13 20

  56. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets 21 Thursday, August 1, 13 21

  57. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets code pages ... ... push 0x1 ... push 0x1 call push 0x1 call ... [-0xFEED] call [-0xFEED] push 0x1 mov ebx, [-0xFEED] call [-0xFEED] mov ebx, eax mov ebx, eax mov ebx, eax jmp jmp +0xBEEF eax jmp dec ecx jmp xor ebx, ebx ... gadgets found 21 Thursday, August 1, 13 21

  58. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets code pages code sequences ... ... mov ebx, eax ret push 0x1 ... push 0x1 call push 0x1 call ... [-0xFEED] call pop eax mov [ecx], eax ret [-0xFEED] push 0x1 mov ebx, [-0xFEED] call [-0xFEED] mov ebx, eax mov ebx, eax mov ebx, eax jmp jmp +0xBEEF pop eax mov ebx, edx ret eax jmp dec ecx jmp xor ebx, ebx ... mov eax, 0x14 ret Galileo Algorithm ... [Schacham, ACM CCS 2007] gadgets found 21 Thursday, August 1, 13 21

  59. Our Approach Map Memory JIT Compile Find API Calls Find Gadgets gadget types code pages code sequences ... MovRegG ... mov ebx, eax ret push 0x1 ... push 0x1 call push 0x1 JumpG call ... [-0xFEED] call pop eax mov [ecx], eax ret [-0xFEED] push 0x1 mov ebx, [-0xFEED] call [-0xFEED] mov ebx, ArithmeticG eax mov ebx, eax mov ebx, eax jmp jmp +0xBEEF pop eax mov ebx, edx ret eax jmp dec ecx LoadRegG jmp xor ebx, ebx ... ... mov eax, 0x14 ret Galileo Algorithm ... [Schacham, ACM CCS 2007] gadgets found 21 Thursday, August 1, 13 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Just-In-Time Code Reuse: On the Effec7veness of

Just-In-Time Code Reuse: On the Effec7veness of

Just-In-Time Code Reuse: On the Effec7veness of Fine-Grained Address Space Layout Randomiza7on Kevin Z. Snow, Fabian Monrose Lucas Davi,

819 views • 23 slides
kR^X Comprehensive Kernel Protection against Just-In-Time Code Reuse Marios Pomonis 1 Theofilos

kR^X Comprehensive Kernel Protection against Just-In-Time Code Reuse Marios Pomonis 1 Theofilos

Introduction RX Fine-grained KASLR Evaluation kR^X Comprehensive Kernel Protection against Just-In-Time Code Reuse Marios Pomonis 1 Theofilos Petsios 1 Angelos D. Keromytis 1 Michalis Polychronakis 2 Vasileios P. Kemerlis 3 1 Columbia

1.18k views • 66 slides
How to Write Fast Numerical Code Spring 2011 Lecture 7 Instructor: Markus Pschel TA: Georg

How to Write Fast Numerical Code Spring 2011 Lecture 7 Instructor: Markus Pschel TA: Georg

How to Write Fast Numerical Code Spring 2011 Lecture 7 Instructor: Markus Pschel TA: Georg Ofenbeck Last Time: Locality Temporal and Spatial memory memory Last Time: Reuse FFT: O(log(n)) reuse MMM: O(n) reuse Discrete Fourier

278 views • 25 slides
Aspects of Inheritance Inheritance Readings: OOSCS2 Chapters 14 16 Code Reuse

Aspects of Inheritance Inheritance Readings: OOSCS2 Chapters 14 16 Code Reuse

Aspects of Inheritance Inheritance Readings: OOSCS2 Chapters 14 16 Code Reuse Substitutability Polymorphism and Dynamic Binding [ compile-time type checks ] EECS3311 A & E: Software Design Sub-contracting Fall 2020 [

226 views • 6 slides
Lecture 09 Code reuse attacks Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 09 Code reuse attacks Stephen Checkoway University of Illinois at Chicago CS 487

Lecture 09 Code reuse attacks Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Last time No good reason for stack/heap/static data to be executable No good reason for code to be writable - An exception to this

750 views • 42 slides
1 Infrastructure Requirements Limit Reuse Planned Indirect Potable Reuse (Purple pipe may be a

1 Infrastructure Requirements Limit Reuse Planned Indirect Potable Reuse (Purple pipe may be a

Overview of Presentation DIRECT POTABLE REUSE: A PATH FORWARD: Take Home Message Reuse Opportunities De Facto and Planned Indirect Potable Reuse 2012 WATER REUSE CONFERENCE Proposed Direct Potable Reuse Strategies Boise, ID

599 views • 8 slides
Loop Invariant Code Motion Last Time Uses of SSA: reaching constants, dead-code elimination,

Loop Invariant Code Motion Last Time Uses of SSA: reaching constants, dead-code elimination,

Loop Invariant Code Motion Last Time Uses of SSA: reaching constants, dead-code elimination, induction variable identification Today Finish up induction variable identification Loop invariant code motion Next Time Reuse

778 views • 10 slides
ASLR-Guard: Stopping Address Space Leakage for Code Reuse

ASLR-Guard: Stopping Address Space Leakage for Code Reuse

ASLR-Guard: Stopping Address Space Leakage for Code Reuse A9acks Kangjie Lu, Chengyu Song, Byoungyoung Lee, Simon P. Chung, Taesoo Kim, Wenke Lee

605 views • 45 slides
Object-Oriented Programming Exercises 13.1 Using Java as an example: Code reuse: inhertiance,

Object-Oriented Programming Exercises 13.1 Using Java as an example: Code reuse: inhertiance,

13 Object-Oriented Programming Exercises 13.1 Using Java as an example: Code reuse: inhertiance, interfaces. In the case of an interface, any class implementing the Comparable interface can be sorted or stored in an ordered colection.

425 views • 6 slides
Weird machines: a model for code-reuse attacks Sergey Bratus Rebecca Shapiro Anna Shubina

Weird machines: a model for code-reuse attacks Sergey Bratus Rebecca Shapiro Anna Shubina

Weird machines: a model for code-reuse attacks Sergey Bratus Rebecca Shapiro Anna Shubina Dartmouth T rust Lab Outline Code re-use: unexpected computation, programming models Containing computation: Coarse intent-based ABI-level

487 views • 27 slides
Software Reuse From informal reuse (scavenging) to systematic reuse Management and technical

Software Reuse From informal reuse (scavenging) to systematic reuse Management and technical

Software Reuse From informal reuse (scavenging) to systematic reuse Management and technical issues Michal Young, SERC 05/19/99 1 Merry-Go-Round of Sequential Development Conventional view of development: Requirements Common theme -

238 views • 13 slides
Trying to run EvtGen in parallel provided some usefull information S. Longo 2nd SuperB

Trying to run EvtGen in parallel provided some usefull information S. Longo 2nd SuperB

Wishing to reuse part of the code written by the BaBar collaboration, there are two main questions that require an answer: Is it possible to run in parallel BaBar code (legacy code)? If this is the case, what kind of performances can be

847 views • 15 slides
Subtype polymorphism Key mechanism to support code reuse A is a subtype of B (written A

Subtype polymorphism Key mechanism to support code reuse A is a subtype of B (written A

Subtype polymorphism Key mechanism to support code reuse A is a subtype of B (written A < : B ) if value a:A can be used whenever a value of supertype B is expected. Example: Circle , Diamond , and Triangle can be used in any

350 views • 21 slides
A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen,

A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen,

A Tough call : Mitigating Advanced Code-Reuse Attacks At The Binary Level Victor van der Veen, Enes Gkta (joint first author) (VU) Moritz Contag, Andre Pawlowski, Thorsten Holz (RUB) Xi Chen, Sanjay Rawat, Herbert Bos, Elias Athanasopoulos,

587 views • 26 slides
Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes

Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes

Size Does Matter Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard Enes Gkta - Elias Athanasopoulos - Michalis Polychronakis Herbert Bos - Georgios Portokalidis presented by: Flora Karniavoura Katerina Karagiannaki

376 views • 23 slides
Design patterns for code reuse in HLS packet processing pipelines Haggai Eran , Lior Zeno

Design patterns for code reuse in HLS packet processing pipelines Haggai Eran , Lior Zeno

Design patterns for code reuse in HLS packet processing pipelines Haggai Eran , Lior Zeno , Zsolt Istvn , and Mark Silberstein Technion Israel Institute of Technology Mellanox Technologies IMDEA Software

690 views • 24 slides
Big Data Optimization: Randomized lock-free methods for minimizing partially separable convex

Big Data Optimization: Randomized lock-free methods for minimizing partially separable convex

Big Data Optimization: Randomized lock-free methods for minimizing partially separable convex functions Peter Richt arik School of Mathematics The University of Edinburgh Joint work with Martin Tak a c (Edinburgh) Les Houches

955 views • 37 slides
Random Subwindows for Robust Image Classification Rapha el Mar ee, Pierre Geurts, Justus

Random Subwindows for Robust Image Classification Rapha el Mar ee, Pierre Geurts, Justus

Introduction Our Approach Experiments Conclusions Random Subwindows for Robust Image Classification Rapha el Mar ee, Pierre Geurts, Justus Piater, Louis Wehenkel Institut Montefiore, University of Li` ege, Belgium CVPR05, 22th June

423 views • 29 slides
Sublinear Algorithms Lecture 5 Sofya Raskhodnikova Penn State University Thanks to Madhav Jha

Sublinear Algorithms Lecture 5 Sofya Raskhodnikova Penn State University Thanks to Madhav Jha

Sublinear Algorithms Lecture 5 Sofya Raskhodnikova Penn State University Thanks to Madhav Jha (Penn State) for help with creating these slides. 1 Today Lecture 5. Limitations of sublinear algorithms. Yaos Minimax Principle. Query

509 views • 24 slides
Mixed models in R using the lme4 package Part 2: Longitudinal data, modeling interactions Douglas

Mixed models in R using the lme4 package Part 2: Longitudinal data, modeling interactions Douglas

Mixed models in R using the lme4 package Part 2: Longitudinal data, modeling interactions Douglas Bates 8 th International Amsterdam Conference on Multilevel Analysis <Bates@R-project.org> 2011-03-16 Douglas Bates (Multilevel Conf.)

700 views • 54 slides
Chapter 9 Object recognition Random Forests 9.9 Random forests 2 9.9 Random forests

Chapter 9 Object recognition Random Forests 9.9 Random forests 2 9.9 Random forests

Chapter 9 Object recognition Random Forests 9.9 Random forests 2 9.9 Random forests Random forests a classification approach that is especially well suited for prob- lems with many classes when large datasets are available for

382 views • 21 slides
Using Randomized Controlled Trials in Criminal Justice Gipsy Escobar, PhD June 8 th , 2016

Using Randomized Controlled Trials in Criminal Justice Gipsy Escobar, PhD June 8 th , 2016

Using Randomized Controlled Trials in Criminal Justice Gipsy Escobar, PhD June 8 th , 2016 Michael D. White, PhD This project was supported by Grant No. 2013-DP-BX-K006 awarded by the Bureau of Justice Assistance. The Bureau of Justice

727 views • 24 slides
Random Projections for Dimensionality Reduction: Some Theory and Applications Robert J. Durrant

Random Projections for Dimensionality Reduction: Some Theory and Applications Robert J. Durrant

Random Projections for Dimensionality Reduction: Some Theory and Applications Robert J. Durrant University of Waikato bobd@waikato.ac.nz www.stats.waikato.ac.nz/bobd T el ecom ParisTech, Tuesday 12th September 2017 R.J.Durrant

791 views • 52 slides
Sampling 2: Random Walks Lecture 20 CSCI 4974/6971 10 Nov 2016 1 / 10 Todays Biz 1.

Sampling 2: Random Walks Lecture 20 CSCI 4974/6971 10 Nov 2016 1 / 10 Todays Biz 1.

Sampling 2: Random Walks Lecture 20 CSCI 4974/6971 10 Nov 2016 1 / 10 Todays Biz 1. Reminders 2. Review 3. Random Walks 2 / 10 Reminders Assignment 5: due date November 22nd Distributed triangle counting Assignment 6: due

1.02k views • 88 slides

More recommend