Improving software resiliency against code-reuse attacks 19/10, 11:00, A41

Εδώ μπορείτε να ενημερώνετε ή να ενημερώνεστε για τη διοργάνωση διαφόρων συνεδρίων και σεμιναρίων.
Post Reply
User avatar
Alive
Venus Former Team Member
Posts: 457
Joined: Fri May 31, 2013 1:24 pm
Academic status: N>4
Gender:

Improving software resiliency against code-reuse attacks 19/10, 11:00, A41

Post by Alive » Mon Oct 17, 2016 11:13 am

Title: Improving software resiliency against code-reuse attacks

Abstract:
Software have always had faults that can be exploited to gain
unauthorized access on systems, exfiltrate data, install undesired
software, etc. Through the passage of years, new defenses, such as ASLR,
DEP, and stack cookies, have significantly raised the bar making
exploitation much harder. However, attackers have also evolved and
recent attacks show an increased level of sophistication. Code-reuse
attacks based on return oriented programming are a prime example of the
latter. Such attacks have reignited research interest in various
instantiations of control-flow integrity (CFI), and diversification and
isolation-based defenses. These works have been shown to be prone to
sophisticated attacks. In this talk, I will discuss how recent CFI
approaches work and present our work on evaluating their effectiveness
in terms of security. I will also briefly discuss our more recent work
on thread spraying against security mechanisms employing information
hiding.

Bio:
Georgios Portokalidis is an Assistant Professor in the Department of
Computer Science at Stevens Institute of Technology. He obtained his
doctorate degree in Computer Science from Vrije Universiteit in
Amsterdam, while he also holds an MSc from Leiden University and a BSc
from University of Crete. His research interests are mainly around the
area of systems and security. Some of the subjects he is actively
working on include the detection and prevention of state-of-the-art
attacks against software systems, information-flow tracking, user
authentication, IoT-related security, and exploiting hardware-software
synergies to improve security. He has authored numerous papers in high
impact conferences, including ACM CCS, ACM EuroSys, Usenix Security, and
IEEE Security and Privacy. He has also been involved in several projects
funded by the EU, DARPA, IARPA and NSF, and he has received funding
through IARPA. He has served in committees of various conferences,
including USENIX Security, NDSS, ACSAC, RAID, and others.
Post Reply

Return to “Συνέδρια - Σεμινάρια”