Effective memory safety mitigations
https://www.youtube.com/watch?v=Q379iWqmodM [www.youtube.com]
2018-11-08 19:50
Effective memory safety mitigations - Chris Rohlf, Square. Memory Safety mitigations are an important tool for reducing attack reliability and raising exploit development costs. We have all invested a great deal of time and effort into tools, libraries, sandboxes, compiler extensions and more, but there are still gaps. With enough resources all of these mitigations can be bypassed. Furthermore, not all mitigations are generic enough to apply to an entire platform and are only effective in specific program designs. This talk explores the value of both generic and program specific memory safety mitigations in the wild. It also introduces a new mitigation, ForkGuard, which removes unused code to make ROP/BROP less reliable even in closed source binaries all from unprivileged user space.