Difference between revisions of "AFSecurity Seminar"

From mn/ifi/AFSecurity
Jump to: navigation, search
Line 16: Line 16:
  
 
'''ABSTRACT:'''
 
'''ABSTRACT:'''
The talk presents an overview and history of prevention techniques against software exploits used by hackers to compromise computers. Data Execution Prevention is for example a fundamental prevention technique supported at the microprocessor hardware level. Unfortunately this prevention technique is routinely bypassed by hacker exploits based on so-called Return Oriented Programming (ROP). In 2016 Intel announced its latest microprocessor with a new exploit prevention technique called Control Flow Enforcement which theoretically stops ROP. However, recent research indicates that Intel's new exploit prevention technique can be bypassed by yet another type of exploits based on Loop Oriented Programming. It's interesting to ask what the next exploit prevention technique will be, and how long it will take before hackers develop another counter-exploit. The fundamental question is whether it is possible to design a microprocessor platform which is totally immune against exploits. The talk will also present and analyse recent exploits found in the wild, e.g. the TOR users attacking exploit.
+
The talk gives an overview of prevention techniques against software exploits used by hackers to compromise computers. Data Execution Prevention is for example a fundamental prevention technique supported at the microprocessor hardware level. Unfortunately this prevention technique is routinely bypassed by hacker exploits based on so-called Return Oriented Programming (ROP). In 2016 Intel announced its latest microprocessor with a new exploit prevention technique called Control Flow Enforcement which theoretically stops ROP. However, recent research indicates that Intel's new exploit prevention technique can be bypassed by yet another type of exploits based on Loop Oriented Programming. It's interesting to ask what the next exploit prevention technique will be, and how long it will take before hackers develop another counter-exploit. The fundamental question is whether it is possible to design a microprocessor platform which is totally immune against exploits. The talk will also present and analyse recent exploits found in the wild, e.g. the TOR users attacking exploit.
  
 
'''SPEAKER BIO:'''
 
'''SPEAKER BIO:'''

Revision as of 16:38, 14 March 2017

Post-Quantum Crypto

DATE: 28 March 2017

LOCATION:  Kristen Nygaards sal (room 5370), Ole Johan Dahl's House.

AGENDA:

14:00h Welcome at IFI

14:15h Talk: Exploit Prevention: Overview and Trends

15:00h Discussion

SPEAKER: Laszlo Erdodi, UiO

ABSTRACT: The talk gives an overview of prevention techniques against software exploits used by hackers to compromise computers. Data Execution Prevention is for example a fundamental prevention technique supported at the microprocessor hardware level. Unfortunately this prevention technique is routinely bypassed by hacker exploits based on so-called Return Oriented Programming (ROP). In 2016 Intel announced its latest microprocessor with a new exploit prevention technique called Control Flow Enforcement which theoretically stops ROP. However, recent research indicates that Intel's new exploit prevention technique can be bypassed by yet another type of exploits based on Loop Oriented Programming. It's interesting to ask what the next exploit prevention technique will be, and how long it will take before hackers develop another counter-exploit. The fundamental question is whether it is possible to design a microprocessor platform which is totally immune against exploits. The talk will also present and analyse recent exploits found in the wild, e.g. the TOR users attacking exploit.

SPEAKER BIO: Laszlo Erdodi is a researcher in cybersecurity at the Department of Informatics at UiO. He holds a PhD in Information Security, is a Certified Ethical Hacker (CEH), and a System Security Certified Practitioner (SSCP). Before joining UiO he worked at the University of Agder.

His main research areas are: Information Security and Ethical Hacking, Software Vulnerabilities and exploitation, Secure Programming, and Malware analysis. His cyber security related activities include: Instructor of courses on ethical hacking and exploit writing (hardcore hacking), continuous penetration testing, continuous research on cyber security and participation in big research projects (e.g. Smart house security, SCADA security).