Presentation: Control Flow Integrity Using Hardware Counters

Track: Security: Attacking and Defending

Location: Bayview AB

Level: Advanced

Persona: Backend Developer, Developer

What You’ll Learn

  • Creativity and research are necessary to solve modern and future security issues.
  • What can you take from modern software and hardware development to apply to security?

Abstract

Advanced software exploitation is a rapidly changing field of study. In recent years, clever ways to bypass existing exploit defenses have become mainstream. Reactive defensive solutions based on known exploitation techniques have been proven ineffective, and easily circumvented. In this paper, we discuss a new system for early detection and prevention of unknown exploits. Our system uses Performance Monitoring Unit hardware to enforce coarse-grained Control Flow Integrity (CFI). By using hardware features that exist in modern processor architectures, and real-time CFI policy enforcement, we hope to prove that our approach is effective and suitable for practical use, while staying resistant to bypass.

Question: 

What is the focus of your work?

Answer: 

Cody is running his team on the research side and coming up with new innovative things that we can do. He and his team came up with what we will present and some of the ideas around it and in some of the decisions we made. I am the CTO and I oversee what we're building in the long run and work with Cody on strategic direction.

Question: 

What is your motivation for this talk?

Answer: 

We understand security as a nuanced problem. In order to be effective at stopping an attacker when they're trying to perform an attack, you have to stop them very, very early. The later that you detect them or stop them, the more they kind of chip away at the trust and the privilege level, and it becomes harder and harder.

How do you do that at the speed of software and the speed that their software changes these days? We found out, you know, after doing some research and reading some related prior art, that the CPU architecture provides some functions to do this at execution speed, and that would be millions of instructions per second. So to solve this in the most effective way we decided to tap into the hardware, and that's really the premise of the talk. We want to share how we got there and where we think we can go next.

Question: 

Who should come to your talk?

Answer: 

Obviously security researchers would get a lot out of it, but there's a lot of people out there that do vulnerability research to think about how to see and prevent attacks or exploits.

Anyone that’s interested in malware or computer security in general I think will take some stuff away from it.

Question: 

What can people take away from this talk?

Answer: 

How to think about access and think a little bit outside the box about things that may historically have been just applicable to performance and development which could potentially be applicable to security as well.

Question: 

What keeps you up at night?

Answer: 

What keeps me up is that for me security is a real existential problem for society; everybody on the planet. And so it keeps me up at night that we aren’t doing more and we still have a gap in the individual's knowledge of security, and behaviors, and the security of your information. In this age, you need to protect your phone because it has your whole life on it. These kinds of things keep me up because these are part engineering solutions. It's also part cultural education.

Speaker: Jamie Butler

Chief Technology Officer @Endgame

Jamie Butler is the Chief Technology Officer at Endgame, where he leads Endgame’s R&D and Product teams. He has directed research teams at some of the most prominent and successful security companies of the last decade. Most recently, Butler was Chief Architect at FireEye and Chief Researcher at Mandiant. A recognized leader in attack and detection techniques, he has over 20 years of experience and knowledge in operating system security. Butler was a computer scientist at the National Security Agency and co-authored the bestseller Rootkits: Subverting the Windows Kernel. Butler is also a frequent speaker at the foremost computer security conferences and serves as a Review Board member for Black Hat. He co-developed and instructs the popular security courses “Advanced Memory Forensics in Incident Response,” “Advanced 2nd Generation Digital Weaponry,” and “Offensive Aspects of Rootkit Technology.”

Speaker: Cody Pierce

Director of Vulnerability Research @Endgame

Cody Pierce has been involved in computer and network security since the mid 90s. For the past 13 years he has focused on discovery and remediation of known and unknown vulnerabilities. Instrumental in the success of HP's Zero Day Initiative program, Cody has been exposed to hundreds of 0day vulnerabilities, advanced threats, and the most current malware research. At Endgame, Cody has led a successful team tasked with analyzing complex software to identify unknown vulnerabilities and leveraged global situational awareness to manage customer risk. A notable contributor to the vulnerability analysis and reverse engineering community, Cody has been a subject matter expert in the media, referenced in industry literature, and has presented at notable industry conferences. Cody holds a unique perspective at the intersection of the most advanced threats and the state of the art in defensive measures and trends.
