Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Reminder: I attend painful meetings so you don't have to

From: Andrew <munin () mimisbrunnr net>
Date: Wed, 9 Dec 2015 18:45:46 -0500
Dr. Sergey Bratus did an excellent job of looking at how there is NO

WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.

Really?

What about the information that Control Flow Guard generates? Then
there's a map of "for each indirect branch, these are the allowable
targets of that indirect branch." It seems that any control flow
integrity system builds and describes some approximation of the
"standard execution paths of a program" by design.

Of course even if you get "execution path" right it doesn't even capture
stuff like side channels, which I guess is what Bratus is talking about
when he says "Advanced exploitation is rapidly becoming synonymous with
the system operating exactly as designed — and yet getting manipulated
by attackers" although I don't know if "attacks from the 70s" are really
"advanced" ...

On 12/09/2015 02:30 PM, Dave Aitel wrote:

http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html

You should read that probably. Basically everyone on this list is
effected by those issues.

-dave




_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: