[Dailydave] Reminder: I attend painful meetings so you don't have to
Andrew
munin at mimisbrunnr.net
Fri Dec 11 12:46:46 EST 2015
Yes, that's what I said in my second paragraph. To re-state:
You actually can capture a precise notion of "standard execution path of
a program" but this doesn't help you define exploits because an exploit
can exist within the standard path of a program, such as certain kinds
of data only attacks, or almost all types of side channel information
disclosures.
On 12/11/2015 12:45 PM, Rodrigo Branco wrote:
> Andrew,
>
> CFG does not protect against valid path computing invalid data, aka,
> data-only attacks. I believe that is what Sergey meant, but copying him
> to grow the discussion ;)
>
> regards,
>
> On Dec 11, 2015 6:40 AM, "Andrew" <munin at mimisbrunnr.net
> <mailto:munin at mimisbrunnr.net>> wrote:
>
> > Dr. Sergey Bratus did an excellent job of looking at how there is NO
> WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.
>
> Really?
>
> What about the information that Control Flow Guard generates? Then
> there's a map of "for each indirect branch, these are the allowable
> targets of that indirect branch." It seems that any control flow
> integrity system builds and describes some approximation of the
> "standard execution paths of a program" by design.
>
> Of course even if you get "execution path" right it doesn't even capture
> stuff like side channels, which I guess is what Bratus is talking about
> when he says "Advanced exploitation is rapidly becoming synonymous with
> the system operating exactly as designed — and yet getting manipulated
> by attackers" although I don't know if "attacks from the 70s" are really
> "advanced" ...
>
> On 12/09/2015 02:30 PM, Dave Aitel wrote:
> >
> http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html
> >
> > You should read that probably. Basically everyone on this list is
> > effected by those issues.
> >
> > -dave
> >
> >
> >
> >
> > _______________________________________________
> > Dailydave mailing list
> > Dailydave at lists.immunityinc.com
> <mailto:Dailydave at lists.immunityinc.com>
> > https://lists.immunityinc.com/mailman/listinfo/dailydave
> >
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com <mailto:Dailydave at lists.immunityinc.com>
> https://lists.immunityinc.com/mailman/listinfo/dailydave
>
More information about the Dailydave
mailing list