In October I attended the 19th ACM Conference on Computer and Communications Security (CCS) in Raleigh, North Carolina. It was my fourth time attending (and third city visited for) the conference.
Here are some of my interesting takeaways from the conference:
The next thing after ASLR? Address space layout randomization (ASLR) is an exploit-mitigation technique: under ASLR you mix up where your program keeps its important data structures, which makes it harder for malicious software to find and abuse those structures. Taking “mix things up” one step further, I enjoyed the talk on Binary Stirring: Self-randomizing Instruction Addresses of Legacy X86 Binary Code. The authors’ technique “transforms legacy application binary code into self-randomizing code that statically re-randomizes itself each time it is loaded.” The point of Binary Stirring is to end up with a completely different (but functionally equivalent) executable code segment each time you load a program. The authors duplicate “each code segment into two separate segments—one in which all bytes are treated as data, and another in which all bytes are treated as code. …In the data-only copy (.told), all bytes are preserved at their original addresses, but the section is set non-executable (NX). In the code-only copy (.tnew), all bytes are disassembled into code blocks that can be randomly stirred into a new layout each time the program starts.” (The authors measured about a 2% performance penalty from mixing up the code segment.)
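To make the .told/.tnew idea concrete, here is an added toy simulation (my own example, not code from the Binary Stirring paper or its authors). A constructed “binary” is a list of basic blocks whose branches name targets by original address. Stirring shuffles the blocks, rewrites direct branches to the new addresses, and keeps an old-to-new map that stands in for the tagged pointers the paper leaves at each block’s original address in the non-executable .told copy; computed jumps, whose targets are original addresses baked into data, are translated through that map at run time. The toy instruction set, the block layout and the program are all assumptions made for this example.

```python
import random

# Constructed toy program: each basic block is (original_address, instructions).
# Control-flow instructions name targets by ORIGINAL address, as a disassembler
# would see them in the unstirred binary. Addresses are block indices in the
# original layout.
#   ("add", n)   acc += n
#   ("load", a)  reg = a   (a code address stored as data, e.g. a function pointer)
#   ("jmp", a)   direct jump to the block at original address a
#   ("jnz", a)   direct jump to a if acc != 0, otherwise fall through to next block
#   ("ijmp",)    computed jump to the address held in reg
#   ("ret",)     stop and return acc
ORIGINAL = [
    (0, [("add", 3), ("jmp", 2)]),
    (1, [("add", 100), ("ret",)]),      # reachable only through the computed jump
    (2, [("add", -1), ("jnz", 2)]),     # loop: count acc down to zero, then fall through
    (3, [("load", 1), ("ijmp",)]),      # computed jump whose target is a data constant
]


def stir(blocks, seed):
    """Return (tnew, told): the blocks in a random new order with direct branches
    relocated, plus the original->new address map that models the .told section."""
    rng = random.Random(seed)
    # 1. Make every fall-through explicit so a block can move independently of
    #    its original neighbour (Binary Stirring appends a jump for the same reason).
    explicit = []
    for i, (addr, instrs) in enumerate(blocks):
        instrs = list(instrs)
        if instrs[-1][0] not in ("jmp", "ijmp", "ret") and i + 1 < len(blocks):
            instrs.append(("jmp", blocks[i + 1][0]))
        explicit.append((addr, instrs))
    # 2. Shuffle the block order; a block's new address is its new position.
    rng.shuffle(explicit)
    told = {old: new for new, (old, _) in enumerate(explicit)}
    # 3. Patch direct branch targets. Computed jumps cannot be patched statically,
    #    because their targets live in data, so they are resolved through `told`.
    tnew = []
    for new, (old, instrs) in enumerate(explicit):
        patched = [(op[0], told[op[1]]) if op[0] in ("jmp", "jnz") else op
                   for op in instrs]
        tnew.append((new, patched))
    return tnew, told


def run(layout, told=None, max_steps=10_000):
    """Execute a layout (list of (address, instrs) in memory order) and return acc.
    `told` is the original->new map of a stirred layout; None means unstirred."""
    by_addr = {addr: instrs for addr, instrs in layout}
    order = [addr for addr, _ in layout]
    acc, reg = 0, None
    pc = told[0] if told is not None else 0   # program entry is original address 0
    for _ in range(max_steps):
        nxt = None
        for op in by_addr[pc]:
            if op[0] == "add":
                acc += op[1]
            elif op[0] == "load":
                reg = op[1]
            elif op[0] == "jmp":
                nxt = op[1]
                break
            elif op[0] == "jnz":
                if acc != 0:
                    nxt = op[1]
                    break
            elif op[0] == "ijmp":
                # The stored address is an ORIGINAL one; look it up in .told.
                nxt = told[reg] if told is not None else reg
                break
            elif op[0] == "ret":
                return acc
        if nxt is None:                 # fall through to the next block in memory
            nxt = order[order.index(pc) + 1]
        pc = nxt
    raise RuntimeError("step limit exceeded")


if __name__ == "__main__":
    print("original result:", run(ORIGINAL))
    for seed in (1, 2):
        tnew, told = stir(ORIGINAL, seed)
        print(f"seed {seed}: layout {told}, result {run(tnew, told)}")
```

Running the script shows the same result from every layout while the block order changes with the seed. The `told` lookup on the computed jump is the part that matters for a defender reading the paper: without a record of where each original address went, any code address that was stored as data would land in the wrong place after stirring.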