23 March 2017

From mn/ifi/AFSecurity
Jump to: navigation, search

AFSecurity Seminar

Exploit Prevention

DATE: 23 March 2017

LOCATION:  Kristen Nygaards sal (room 5370), Ole Johan Dahl's House.

AGENDA:

14:45h Welcome at IFI

15:00h Talk: Exploit Prevention: Overview and Trends

15:45h Discussion

SPEAKER: Laszlo Erdodi, UiO

ABSTRACT: The talk gives an overview of prevention techniques against software exploits used by hackers to compromise computers. Data Execution Prevention is for example a fundamental prevention technique supported at the microprocessor hardware level. Unfortunately this prevention technique is routinely bypassed by hacker exploits based on so-called Return Oriented Programming (ROP). In 2016 Intel Corporation announced its latest microprocessor with a new exploit prevention technique called Control Flow Enforcement which theoretically stops ROP. However, recent research indicates that Intel's new exploit prevention technique can be bypassed by yet another type of exploits based on Loop Oriented Programming. It's interesting to ask what the next exploit prevention technique will be, and how long it will take before hackers develop another counter-exploit. The fundamental question is whether it is possible to design a software platform which is totally immune against exploits. The talk will also present and analyse recent exploits found in the wild, e.g. the TOR users attacking exploit.

SPEAKER BIO: Laszlo Erdodi is a researcher in cybersecurity at the Department of Informatics at UiO. He holds a PhD in Information Security, is a Certified Ethical Hacker (CEH), and a System Security Certified Practitioner (SSCP). Before joining UiO in 2017 he worked at the University of Agder.

Laszlo's main research areas are: Information Security and Ethical Hacking, Software Vulnerabilities and exploitation, Secure Programming, and Malware analysis. His cyber security related activities include: Instructor of courses on ethical hacking and exploit writing (hardcore hacking), continuous penetration testing, continuous research on cyber security and participation in big research projects (e.g. Smart house security, SCADA security).