On Friday, Feb. 23 guest speaker Hong Hu Ph.D. will give a lecture titled "Hacking Data-Flow for Turing-Complete Attacks".
Control-flow hijacking attacks from memory errors become more and more difficult as targeted defense mechanisms gain wide deployment. As an alternative, non-control data attacks do not require diverting the application’s control flow, and thus can bypass existing advanced defense mechanisms. Although it is known that such data-oriented attacks can mount significant damage, we are not clear about their real expressiveness. In this talk, Dr. Hu will first present data-flow stitching, a systematic method to build data-oriented attacks. Instead of corrupting individual data inside the program, data-flow stitching breaks existing data-flows and connects the fragments in a malicious manner, thus enabling systematic construction. Then I will propose data-oriented programming, a novel method to build expressive data-oriented attacks, even Turing-complete attacks. Finally, Dr.Hu will show data-oriented attacks against Chromium that bypass the fundamental SOP policy.
Dr. Hong Hu is a postdoctoral fellow in School of Computer Science, College of Computing, the Georgia Institute of Technology. His research interest focuses on system security. Currently, he is working on the memory error detection, exploitation and defense. His research work has been published on Oakland, Usenix, CCS, ESORICS, ICECCS. He has received the Best Paper Award from ICECCS'2014. Before joining Georgia Tech, he obtained his PhD degree from National University of Singapore.
]]>