Code Reuse Attacks and Defenses against them

Seminare	2 SWS / 5,0 ECTS
Veranstalter:	Peng Xu and Paul Muntean
Zeit und Ort:	Mo, 10:00 Uhr, 01.08.033
Beginn:	2017-04-25

The lecture is given in english

The slides are available in english

The exam will be in english

Required Preliminary Knowledge

Basic C programming language, object-oriented language(C++/Java), Assembly language and IT security knowledge.

Task

In this seminar, several hot topics in this line of research will be discussed. The goal is to provide students an overview of state-of-the-art control flow based security techniques in order to encourage them to explore this exciting research field. Each student will be assigned with one research paper. After studying the paper, each student is required to write a short report about the paper, make a 30-minute presentation about his/her topic and 15 minutes discussion.

Each student selects one paper from the list below.
Students‘ report should cover the content of the chosen paper.
The presentation should focus on your paper.
For the registration, students are required to send the title of their selection to Peng XU.
The papers will be assigned in a "first-come, first-served" and "interesting point" ways

Research Papers

#	Paper	Description
1	Return-oriented programming without returns	ROP Attack
2	Jump-oriented programming: a new class of code-reuse attack	JOP Attack
3	Hacking blind	Blind ROP Attack
4	Just-In-Time Code Reuse:On the Effectiveness of Fine-Grained Address Space Layout Randomization	JIT-ROP Attack
5	Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications	COOP Attack
6	Blender: Self-randomizing address space layout for android apps	ROP Attack on Android and randomization-based defense
7	Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming	Randomization-based defenses against JIT-ROP
8	It's a TRaP: Table randomization and protection against function-reuse attacks	Randomization-based defenses against COOP Attack
9	SAFEDISPATCH: Securing C++ Virtual Calls from Memory Corruption Attacks	Compiler-based defenses against Code Reuse Attacks
10	Protecting c++ dynamic dispatch through vtable interleaving	Compiler-based defenses against Code Reuse Attacks
11	VTint: Protecting Virtual Function Tables’ Integrity	Binary-rewriting-based defenses against Code Reuse Attacks
12	T-VIP: Towards automated integrity protection of C++ virtual function tables in binary programs	Binary-rewriting-based defenses against Code Reuse Attacks

Schedule

Title	Speaker	Date
Kickoff Meeting	Peng X.	27.01.2017
1. The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)	Peng X.	24.04.2017
Prepare the literature research and report outline (no group meeting)	All Students	08.05.2017
Deliver the literature research and report outline (no group meeting)	All Students	15.05.2017
1. Return-oriented programming without returns 2. Jump-oriented programming: a new class of code-reuse attack	Mehdi B. Urdhwa G.	22.05.2017
1. Hacking blind 2. Just-In-Time Code Reuse:On the Effectiveness of Fine-Grained Address Space Layout Randomization	Nicolas F. Erik H.	29.05.2017
1. Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications 2. Blender: Self-randomizing address space layout for android apps	- Hajizada T.	12.06.2017
1. It's a TRaP: Table randomization and protection against function-reuse attacks 2. Isomeron: Code Randomization Resilient to (Just-In-Time) Return-Oriented Programming	- Sebastian K.	19.06.2017
1. SAFEDISPATCH: Securing C++ Virtual Calls from Memory Corruption Attacks 2. Protecting c++ dynamic dispatch through vtable interleaving	-	26.06.2017
1. VTint: Protecting Virtual Function Tables’ Integrity 2. T-VIP:Towards automated integrity protection of C++ virtual function tables in binary programs	Jakob R. Edelmann M.	03.07.2017
Deadline for the first version report	All Students	10.07.2017
1. Deadline for paper-related experiments(Attacks and Defense mechanisms) 2. Submission the review to assigned reports	All Students	17.07.2017
Deadline for the final report	All Students	24.07.2017

Presentation Guidelines

Each student makes a presentation about the given paper. The time given for the presentation is 45 minutes, including discussion. We recommend to take 30 minutes for actual presentation and leave around 15 minutes for discussion. Presentations should be in a style of conference/workshop talks. A good presentation will:

give correct and accurately displayed information about the paper,
present all the important points of the paper,
contain an understandable explanation for your colleague students, especially about the used method and the results of the paper,
initiate a good discussion.

Report Structure and Literature Research Q & A

Q: How can I obtain bonus points for my report and presentation?
A: For example: add a new discussion section (i.e., you can discuss about relevant work), add more related work (note: partition the related work section in subsections), add a new conclusion (i.e., can be also a high level conclusion about the original paper), add or expand the future work section with future research directions (i.e., cluster them if needed).
Q: Do I have to provide the name of the seminar on all my deliverables?
A: Yes, the name of the seminar, your name and your Matr. Nr. have to be provided.
Q: Is it enough to only list all the literature we probably need?
A: You need to list all references and write one sentence which characterizes that reference. You can have a look for example in the abstract, discussion or conclusion section, etc.
Q: What needs to be the content of the report outline or better its structure?
A: Basically the structure of the original paper plus your own contributions/sections (e.g., extended related work section, new discussion section, etc.)

Report Guidlines

Avoid making common report writing mistakes: Download the general guidelines

Each report should include an abstract of up to 200 words. It should be not shorter than 10 single-spaced pages and no longer than 15 single-spaced pages with 10pt font size. Students need to hand in a hard copy of the report before the final deadline. Students are strongly encouraged to use Springer LNCS/LNAI manuscript submission guidelines.

Download the LaTeX template

Students should not aspire to write a long but boring report. A charming report should be clear, compact and easy to follow.

Note that, if a student doesn't submit a report and give a presentation before 11.07.2017, he/she will not pass.

Download the PDF version of "How to Write a Seminar Report".

PARAPHRASING AND SUMMARIZING

In a report writing, it is necessary to stick more closely to the original and to preserve something of the progression of the argument from the source. The process of reproducing another writer’s text in your own words without attempting to reduce the length of the passage substantially is known as paraphrasing. If you set out to reproduce another writer’s ideas and arguments but at considerably less length and in less detail, then you are summarizing it.

Paraphrasing

The art of paraphrasing consists of re-creating an original text in its entirety using your own words, not those of the author. It can be particularly useful if your reader might have difficulty in following the original text. Here are some tips for you to produce an effective paraphrase:

You should, as much as possible, avoid quoting from the original.
If the author uses a particularly distinctive word or phrase that you wish to retain, then you should put it in quotation marks.
To avoid the pitfall of plagiarism, you can treat a paraphrase as if it were a piece of reported speech (in other words, X says/states/confirms/expresses/reports, etc. that ...)
If the passage has an emotional quality, however, you can help to convey this by beginning “X complains/insists/gleefully that ...”. Similarly, if the author is presenting an argument or responding to arguments put forward by someone else, you can register that fact by saying “X argues/admits/counters this argument by suggesting that ...”
When you have completed a paraphrase, you should always check it against the original to ensure that you have not omitted anything important.

Summarizing

Summarizing is an extremely useful writing skill for a researcher. For instance, you can easily find yourself in the position of having to pare down your text to
fit the space available (e.g. due to the page-limit of a conference paper). It is also often useful to provide a summary of your argument to wind up a lecture, report, or dissertation. A summary should be between 1/3 or 1/4 of the length of the original. Under these conditions, there is seldom any reason to keep the wording of the original. Here are some tips for you to make an effective summary:

Read through the whole passage carefully and make sure that you have understood it.
Identify and note down its main points, the essential ideas or pieces of informati
Science Research Writing for Non-Native Speakers of English
Cambridge Advanced Grammar in Use
How (and How Not) to Write a Good Systems Paper
How (and How Not) to Write a Good Systems Paper
Check the order of main points is the most effective order.
It is easier to condense a piece of poor writing than a piece of good writing, because poor writing is often loosely structured and padded out with largely irrelevant material or simple verbiage.
To fit a large amount of information into succinctly words, you may resort to longer and more formal words and more complex grammatical constructions than you might normally use.

Always check your summary for clarity.

Other Resources

Science Research Writing for Non-Native Speakers of English

Cambridge Advanced Grammar in Use

How (and How Not) to Write a Good Systems Paper