CS457 – Introduction to Information Systems Security Projects Elias Athanasopoulos


1 CS457 – Introduction to Information Systems Security Projects Elias Athanasopoulos elathan@ics.forth.gr

2 Project 1: On the Security of RC4 in TLS. Usenix Security 2013. Nadhem AlFardan, Royal Holloway, University of London; Daniel J. Bernstein, University of Illinois at Chicago and Technische Universiteit Eindhoven; Kenneth G. Paterson, Bertram Poettering, and Jacob C.N. Schuldt, Royal Holloway, University of London. CS-457 Elias Athanasopoulos 2

3 Project 2: When Good Instructions Go Bad: Generalizing Return-Oriented Programming to RISC. ACM CCS 2008. E. Buchanan, R. Roemer, H. Shacham, and S. Savage. Suggested reading: The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86). ACM CCS 2007. H. Shacham.

4 Project 3: Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization. Security and Privacy 2012. Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis. Binary stirring: self-randomizing instruction addresses of legacy x86 binary code. ACM CCS 2012. Richard Wartell, Vishwath Mohan, Kevin W. Hamlen, Zhiqiang Lin.

5 Project 4: Practical Control Flow Integrity & Randomization for Binary Executables. Security and Privacy 2013. Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, László Szekeres, Dawn Song, and Wei Zou. Suggested reading: Control-Flow Integrity: Principles, Implementations, and Applications. ACM CCS 2005. Abadi et al.

6 Project 5: Out Of Control: Overcoming Control-Flow Integrity. Security and Privacy 2014. Enes Göktaş, Elias Athanasopoulos, Herbert Bos, and Georgios Portokalidis. Suggested reading: Practical Control Flow Integrity & Randomization for Binary Executables. Security and Privacy 2013. Chao Zhang, Tao Wei, Zhaofeng Chen, Lei Duan, Stephen McCamant, László Szekeres, Dawn Song, and Wei Zou.

7 Project 6: Size Does Matter - Why Using Gadget-Chain Length to Prevent Code-reuse Attacks is Hard. Usenix Security 2014. Enes Göktaş, Elias Athanasopoulos, Michalis Polychronakis, Herbert Bos, and Georgios Portokalidis. Suggested reading: Transparent ROP Exploit Mitigation using Indirect Branch Tracing. Usenix Security 2013. Vasilis Pappas, Michalis Polychronakis, and Angelos D. Keromytis.

8 Project 7: Cling: A Memory Allocator to Mitigate Dangling Pointers. Usenix Security 2010. Periklis Akritidis.

9 Project 8: Improving Integer Security for Systems with KINT. OSDI 2012. Xi Wang and Haogang Chen, MIT CSAIL; Zhihao Jia, Tsinghua University IIIS; Nickolai Zeldovich and M. Frans Kaashoek, MIT CSAIL.

10 Project 9: Document Structure Integrity: A Robust Basis for Cross-site Scripting Defense. NDSS 2009. Yacin Nadji, Prateek Saxena, Dawn Song. Robust Defenses for Cross-Site Request Forgery. ACM CCS 2008. Adam Barth, Collin Jackson, and John C. Mitchell.

