BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:On the power of techniques for defeating code reuse attacks + some
  retrospective reflection on the DARPA CRASH program - Prof Howie Shrobe (
 MIT)
DTSTART:20150512T130000Z
DTEND:20150512T140000Z
UID:TALK59430@talks.cam.ac.uk
CONTACT:Laurent Simon
DESCRIPTION:*Abstract:*\nCode reuse attacks (Return Oriented Programming\,
  etc) have become one the key tools in the arsenal of attackers who are re
 trying to subvert remote systems through technical means. A new defensive 
 technique\, called Code Pointer Integrity\, or CPI  was proposed this past
  summer.  It has the attractive property of being implemented wholly in so
 ftware\, seeming to offer broad coverage against code reuse attacks while 
 imposing modest performance penalties (~6%).  In an upcoming paper\, our g
 roup demonstrated a technique for bypassing CPI.  I will explain how code 
 reuse attacks work\, how CPI was supposed to prevent them\, and how we byp
 assed CPI.  I will also outline some work that we are currently conducting
  that uses a simple hardware architectural extension to prevent against bo
 th code reuse and code injection attacks (and probably other types of atta
 cks as well).\n\nThis work grew out of an attempt to harvest some of the s
 impler ideas explored in DARPA’s CRASH program (of which I was the progr
 am manager).  I share some personal reflections on the CRASH program and w
 hat it produced. 
LOCATION:LT2\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR