Ahmad-Reza Sadeghi

Professor, Technische Universitat Darmstadt, Germany

May 30th, 2014, 2pm-3pm, DBH 3011

Title:

Beastly Gadgets - Return-Oriented Programming Attacks against Modern Control-Flow Integrity Protection

Abstract:

Code reuse attacks such as return-oriented programming (ROP) constitute robust attack techniques that are extensively used to exploit vulnerabilities in modern software programs (e.g., web browsers and PDF readers). ROP attacks require no code injection and induce malicious behavior by executing chains of instruction sequences (gadgets) residing in the underlying shared libraries or in the executable itself. Mitigation of ROP attacks has become a hot research topic in the recent years and various interesting solutions based on the principles of control-flow integrity (CFI) have been proposed.

In this talk, we aim at taking a short journey through the return-oriented programming attack space and defenses. We give a brief overview on the evolution of ROP attacks and mitigation proposals. In particular, we elaborate on the recently proposed (coarse-grained) CFI solutions, such as kBouncer, ROPecker, CFI for COTS binaries, ROPGuard, and Microsoft's Windows EMET tool. We discuss the (in)effectiveness of these techniques and how they can be undermined even under weak adversarial assumptions. Finally, we conclude with some open problems and new research directions.

Speaker Bio:

Ahmad-Reza Sadeghi is a full professor of computer science at Technische Universitat Darmstadt, Germany. He is the head of the System Security Lab at the Center for Advanced Security Research Darmstadt (CASED). Since January 2012 he has been the Director of the Intel Collaborative Research Institute for Secure Computing (ICRI-SC) at TU-Darmstadt. He holds a Ph.D. in computer science from the University of Saarland in Saarbrucken, Germany. Prior to academia, he worked in Research and Development of Telecommunications enterprises, such as Ericsson Telecommunications.
Ahmad has been continuously contributing to the field of information security and privacy research. He has been awarded with the renowned German prize ``Karl Heinz Beckurts'' for his research on Trusted and Trustworthy Computing technology and its transfer to industrial practice. The award honors excellent scientific achievements with high impact on industrial innovations in Germany.