Code reuse attacks pose a severe threat to modern software, silently breaching and infecting various systems ranging from desktop PCs to mobile and embedded systems. They can bypass many deployed defenses including data execution prevention and memory randomization (ASLR). The design and development of practical and effective defenses against code reuse attacks is extremely challenging and has recently become a hot research topic. Code-reuse with its most prominent instantiation return-oriented programming (ROP) may seem like a solved problem given the high scores of papers on possible defenses recently published on established security conferences. Unfortunately, many proposed defenses make assumptions that a sufficiently determined and resourced attacker can skirt, or require system changes that are highly challenging to transfer into practice; and frequently both.
This seminar will bring together researchers and practitioners to analyze the state-of-the-art in code reuse attacks and mitigations, to devise improved approaches, and to establish a roadmap for future research and practice.