[Dailydave] Reminder: I attend painful meetings so you don't have to
Andrew
munin at mimisbrunnr.net
Wed Dec 9 18:45:46 EST 2015
> Dr. Sergey Bratus did an excellent job of looking at how there is NO
WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.
Really?
What about the information that Control Flow Guard generates? Then
there's a map of "for each indirect branch, these are the allowable
targets of that indirect branch." It seems that any control flow
integrity system builds and describes some approximation of the
"standard execution paths of a program" by design.
Of course even if you get "execution path" right it doesn't even capture
stuff like side channels, which I guess is what Bratus is talking about
when he says "Advanced exploitation is rapidly becoming synonymous with
the system operating exactly as designed — and yet getting manipulated
by attackers" although I don't know if "attacks from the 70s" are really
"advanced" ...
On 12/09/2015 02:30 PM, Dave Aitel wrote:
> http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html
>
> You should read that probably. Basically everyone on this list is
> effected by those issues.
>
> -dave
>
>
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
More information about the Dailydave
mailing list