Research Meeting 15294
The Continuing Arms Race: Code-Reuse Attacks and Defenses
( Jul 12 – Jul 15, 2015 )
(Click in the middle of the image to enlarge)
Permalink
Please use the following short url to reference this page:
https://www.dagstuhl.de/15294
Organizers
- Ulfar Erlingsson (Google Inc. - Mountain View, US)
- Thorsten Holz (Ruhr-Universität Bochum, DE)
- Per Larsen (University of California - Irvine, US)
- Ahmad-Reza Sadeghi (TU Darmstadt, DE)
Contact
- Heike Clemens (for administrative matters)
Dagstuhl Seminar Wiki
- Dagstuhl Seminar Wiki (Use personal credentials as created in DOOR to log in)
Shared Documents
- Dagstuhl Materials Page (Use personal credentials as created in DOOR to log in)
Schedule
Code reuse attacks pose a severe threat to modern software, silently breaching and infecting various systems ranging from desktop PCs to mobile and embedded systems. They can bypass many deployed defenses including data execution prevention and memory randomization (ASLR). The design and development of practical and effective defenses against code reuse attacks is extremely challenging and has recently become a hot research topic. Code-reuse with its most prominent instantiation return-oriented programming (ROP) may seem like a solved problem given the high scores of papers on possible defenses recently published on established security conferences. Unfortunately, many proposed defenses make assumptions that a sufficiently determined and resourced attacker can skirt, or require system changes that are highly challenging to transfer into practice; and frequently both.
This seminar will bring together researchers and practitioners to analyze the state-of-the-art in code reuse attacks and mitigations, to devise improved approaches, and to establish a roadmap for future research and practice.
Keywords Code-reuse attacks, code-reuse mitigations, return-oriented programming, control-flow integrity, software diversity, compilation, binary rewriting, JIT-compilation, operating systems, browsers
