Control Flow Integrity based Security
Seminar | 2 SWS / 5 ECTS |
Organizer: | Peng Xu |
Time and place: | 01.08.033 Kickoff: 26.06.18 11:30 - 12:00 Normal Courses: Monday 10:00 - 12:00 01.08.033 |
Start: | 2018-10-23 |
Exam: | Presentation, Report |
Required Preliminary Knowledge
Basic knowledge of the C programming language, an object-oriented language (C++/Java), assembly language and IT security.
Task
In this seminar, several hot topics in this line of research will be discussed. The goal is to give students an overview of state-of-the-art control-flow-based security techniques and to encourage them to explore this exciting research field. Each student will be assigned one research paper. After studying the paper, each student is required to write a short report about it and to give a 30-minute presentation on his/her topic, followed by 15 minutes of discussion.
Content
The content will include the following subfields:
1. Types of code reuse attacks (ROP, JOP, COOP as well as ret2lib, vTable Hijacking)
The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86) | 2018-10-29 | Peng XU |
Just-In-Time Code Reuse: On the Effectiveness of Fine-Grained Address Space Layout Randomization | 2018-10-29 | |
Counterfeit object-oriented programming: On the difficulty of preventing code reuse attacks in C++ applications | 2018-11-05 | Sandro Bauer |
Blender: Self-randomizing address space layout for Android apps | 2018-11-05 | Lion Steger |
2. Control flow integrity
Control-Flow Integrity: Precision, Security, and Performance | 2018-11-12 | Alexander Hölzl |
Code-Pointer Integrity | 2018-11-12 | Andreas Keller |
3. Compiler-based control flow integrity implementation
Protecting C++ dynamic dispatch through vtable interleaving | 2018-11-19 | Benjamin Zanger |
SAFEDISPATCH: Securing C++ Virtual Calls from Memory Corruption Attacks | 2018-11-19 | Torben Maack |
CastSan: Efficient Detection of Polymorphic C++ Object Type Confusions | 2018-11-26 |
4. Binary-rewriting based control flow integrity implementation
T-VIP: Towards automated integrity protection of C++ virtual function tables in binary programs | 2018-11-26 | |
τCFI: Type-Assisted Control Flow Integrity for x86-64 Binaries | 2018-12-03 | |
It's a TRaP: Table randomization and protection against function-reuse attacks | 2018-12-03 | Phillp Holzmann |
VTPin: practical VTable hijacking protection for binaries | 2018-12-10 |
After the regular meetings we do not need to meet every week. Use the remaining time to prepare the final report.
The report should include the content of the original paper, the questions and answers we discussed after your presentation, and of course further discussion (such as the research directions I asked about during the course, related works from other students and so on).
Final Report
A final report by a previous student of my CFI seminar course is available. You can use it as a template.
In addition, a LaTeX template is available that defines the format of our final report. With this template, the report needs to be 7 pages long.
The content of the final report should include:
1. Introduction (Section I from this template)
2. Background
3. Design and implementation from original papers (Section II, III, IV from this template)
4. Performance
5. Discussion of the connections to and differences from other related works in our seminar course (Section VII, VIII from this template)
6. Conclusion
Deadline
There are two deadlines for the final report.
The first one is for the draft. The deadline is Feb. 4th.
After that, I will check these reports. Meanwhile, I will distribute two drafts to every student to help me check them and give feedback. I will then give you feedback on your report, which is to be updated with the suggestions from my side and from the other students.
The deadline for the second round is Feb. 11th.