Memory Errors: The Past, the Present, and the Future

by

Victor van der Veen

on 4 August 2013

Transcript of Memory Errors: The Past, the Present, and the Future

Memory Errors: The Past, the Present, and the Future
Historical overview
Vulnerability and exploit analysis
Future directions
No more format strings
Stack
Heap
Vulnerability breakdown
The heap is difficult to exploit
Exploit breakdown
Vulnerability analysis
Exploitation is getting harder
Exploit analysis
Fewer reports
The memory error:
Today's cyber bullet, tomorrow's cruise missile?
Trends
Selling on black markets is also lucrative
0-Day private market
As long as we find vulnerabilities, memory errors will be among them
Percentages
C usage
Non-control data
Exim attack (2010)
Memory errors are endemic in C-like programs
Focus on damage control
Conclusions
Memory errors will remain a serious threat
Fortunately, exploitation is getting harder
Focus on detecting non-control data attacks
(Recent) Advances in Intrusion Detection was actually very well chosen
Motivation
Contributions
20 years of research on memory errors:
Safe languages
Program analysis
Countermeasures

Will memory errors remain a significant threat?
Do we need renewed/different research efforts?

'Classic buffer overflow' is still in the top 3 of the CWE/SANS Top 25
The number of reported memory errors is dropping
Pwn2Own 2012:
"... But the other one, a memory corruption flaw in IE's protected mode sandbox, VUPEN will keep for itself and its customers (NATO governments and partners) ..."
Other companies selling zero-days:
Netragard
Endgame Systems
Northrop Grumman
Raytheon
...?
Vendors started paying for zero-days
Mozilla (up to $3,000)
Google (up to $20,000)
Facebook (minimum of $500)
Barracuda Networks (up to $3,133.70)
Zero Day Initiative
...
Public disclosure?
Bounty programs
Black market
What can we expect in the future?
Does not divert control flow
Typical heap overflow: overwrite variable
Undetected by NX, ASLR, canary protection, ...
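The three points above describe the class of attack the slides warn about: a heap overflow that never touches a return address or function pointer, but overwrites an ordinary variable sitting next to the buffer, so stack canaries, NX and ASLR have nothing to catch. The following C program is an added example written for this page; it is not code from the slides or from the authors' paper. The session record, the field names and the attacker payload are constructed for illustration. The overflowing copy goes through a pointer to the whole allocation so the demonstration stays inside the chunk and behaves deterministically instead of corrupting real allocator metadata; the security effect (the adjacent flag is overwritten) is the same.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical heap-allocated session record. The privilege flag lives right
 * after the name buffer in the same allocation: security-critical data that
 * is not control data, so no return address or function pointer is involved. */
#define NAME_LEN 16
struct session {
    char name[NAME_LEN];
    int  is_admin;          /* non-control data an attacker wants to flip */
};

/* Vulnerable variant: trusts the caller-supplied length, so a long name runs
 * past name[] into is_admin. (Copying through a char pointer to the whole
 * struct keeps the write inside the allocation for a deterministic demo.) */
static void set_name_unsafe(struct session *s, const unsigned char *in, size_t len)
{
    memcpy((unsigned char *)s, in, len);   /* BUG: len is not bounded by NAME_LEN */
}

/* Hardened variant: truncates to the field and keeps the NUL terminator, so
 * is_admin can only change through code that is meant to change it. */
static void set_name_safe(struct session *s, const unsigned char *in, size_t len)
{
    if (len > NAME_LEN - 1)
        len = NAME_LEN - 1;
    memcpy(s->name, in, len);
    s->name[len] = '\0';
}

/* Constructed attacker input: NAME_LEN filler bytes followed by sizeof(int)
 * bytes that land on is_admin. 0x01 in every byte yields a nonzero int on
 * either endianness, so the exact value does not matter. */
static size_t build_payload(unsigned char *out, size_t cap)
{
    size_t n = NAME_LEN + sizeof(int);
    if (cap < n)
        return 0;
    memset(out, 'A', NAME_LEN);
    memset(out + NAME_LEN, 0x01, sizeof(int));
    return n;
}

/* Runs the payload against one variant and reports whether the session ended
 * up with admin rights: 1 = privilege escalated, 0 = not, -1 = setup failure.
 * Note that control flow is identical in both runs; only data differs. */
static int demo(int hardened)
{
    unsigned char payload[NAME_LEN + sizeof(int)];
    size_t len = build_payload(payload, sizeof payload);
    struct session *s = calloc(1, sizeof *s);   /* is_admin starts at 0 */
    int admin;

    if (len == 0 || s == NULL) {
        free(s);
        return -1;
    }
    if (hardened)
        set_name_safe(s, payload, len);
    else
        set_name_unsafe(s, payload, len);
    admin = (s->is_admin != 0);
    free(s);
    return admin;
}

int main(void)
{
    printf("unsafe copy:   is_admin = %d\n", demo(0));   /* 1: flag overwritten */
    printf("hardened copy: is_admin = %d\n", demo(1));   /* 0: flag untouched  */
    return 0;
}
```

Because no return address is corrupted and the program never jumps anywhere unexpected, a canary check, a non-executable heap or randomized addresses leave this attack unaffected; detecting it requires tracking the integrity of the data itself, which is the research direction the conclusions argue for.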
Unfortunately, also less public
High amounts paid for zero-days
Is there something else that could explain this drop in reports?
Most important language
Not safe by design
Hard to get it right
More attacks in the future?
Other factors
Exploitation is getting harder
Public disclosure is being avoided
Increase of bounty programs
Increase of 0-day private markets
Memory Errors: The Past, the Present, and the Future
Victor van der Veen, Nitish Dutt-Sharma, Lorenzo Cavallaro, Herbert Bos
"Non-control-data attacks are realistic threats" (2005)
But also look at preventing privilege escalation
Lots of existing C software
http://malware-experiments.few.vu.nl/