[Dailydave] Reminder: I attend painful meetings so you don't have to

Andrew munin at mimisbrunnr.net
Fri Dec 11 12:46:46 EST 2015


Yes, that's what I said in my second paragraph. To re-state:

You actually can capture a precise notion of "standard execution path of
a program" but this doesn't help you define exploits because an exploit
can exist within the standard path of a program, such as certain kinds
of data-only attacks, or almost all types of side-channel information
disclosures.

On 12/11/2015 12:45 PM, Rodrigo Branco wrote:
> Andrew,
> 
> CFG does not protect against valid path computing invalid data, aka,
> data-only attacks.  I believe that is what Sergey meant, but copying him
> to grow the discussion ;)
> 
> regards,
> 
> On Dec 11, 2015 6:40 AM, "Andrew" <munin at mimisbrunnr.net> wrote:
> 
>     > Dr. Sergey Bratus did an excellent job of looking at how there is NO
>     > WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.
> 
>     Really?
> 
>     What about the information that Control Flow Guard generates? Then
>     there's a map of "for each indirect branch, these are the allowable
>     targets of that indirect branch." It seems that any control flow
>     integrity system builds and describes some approximation of the
>     "standard execution paths of a program" by design.
> 
>     Of course even if you get "execution path" right it doesn't even capture
>     stuff like side channels, which I guess is what Bratus is talking about
>     when he says "Advanced exploitation is rapidly becoming synonymous with
>     the system operating exactly as designed — and yet getting manipulated
>     by attackers" although I don't know if "attacks from the 70s" are really
>     "advanced" ...
> 
>     On 12/09/2015 02:30 PM, Dave Aitel wrote:
>     > http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html
>     >
>     > You should read that probably. Basically everyone on this list is
>     > affected by those issues.
>     >
>     > -dave
>     >
>     >
>     >
>     >
>     > _______________________________________________
>     > Dailydave mailing list
>     > Dailydave at lists.immunityinc.com
>     > https://lists.immunityinc.com/mailman/listinfo/dailydave
>     >
> 
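
Added example, not part of the original thread: a constructed C model of the point discussed above, in which a CFI-style allow-list check on an indirect call passes while a data-only change alters the result. The struct, function names and 12-byte input are assumptions for illustration; the overrun is modelled as a copy into the record's own bytes so the program stays well defined.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model: a name buffer next to an authorization flag, plus a
   handler that is only ever reached through a checked indirect call. */
struct request;
typedef int (*handler_fn)(const struct request *);
struct request {
    char name[8];
    int is_admin;
    handler_fn handler;
};

static int show_profile(const struct request *r) { return r->is_admin ? 2 : 1; }
static int show_help(const struct request *r) { (void)r; return 0; }

/* CFI-style policy: the only permitted targets of the indirect call. */
static const handler_fn allowed[] = { show_profile, show_help };

static int cfi_ok(handler_fn target) {
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (allowed[i] == target) return 1;
    return 0;
}

/* Checked indirect call: -1 means the policy rejected the target. */
static int dispatch(const struct request *r) {
    return cfi_ok(r->handler) ? r->handler(r) : -1;
}

/* Flawed copy: trusts len, so it can run past name into is_admin.
   It is capped before handler, so the branch target is never touched. */
static void set_name_unchecked(struct request *r, const void *src, size_t len) {
    size_t max = offsetof(struct request, handler);
    memcpy((unsigned char *)r, src, len > max ? max : len);
}

/* Corrected copy: never writes outside name and always terminates it. */
static void set_name_checked(struct request *r, const void *src, size_t len) {
    if (len >= sizeof r->name) len = sizeof r->name - 1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
}

/* Stores a constructed 12-byte input, then returns the dispatch() result. */
int run(int checked) {
    struct request r = { "", 0, show_profile };
    unsigned char input[12];
    memset(input, 'A', sizeof input);
    if (checked) set_name_checked(&r, input, sizeof input);
    else set_name_unchecked(&r, input, sizeof input);
    return dispatch(&r);
}
```

In both runs the indirect call goes to `show_profile`, which is on the allow-list; only the bounded copy keeps `is_admin` at 0.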

