Stack Bounds Protection with Low Fat Pointers

Link: https://www.comp.nus.edu.sg/~gregory/papers/ndss17stack.pdf
Source Code: https://github.com/GJDuck/LowFat
Summary: This work extends the authors' earlier paper, Heap Bounds Protection with Low-Fat Pointers. Low-fat pointers were introduced in that earlier paper, and this one recaps them in detail as well. The basic idea of a low-fat pointer is to derive the bounds of an object from the pointer value itself instead of extending…
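The following is an added illustration of that idea, not code from the LowFat project or either paper. It models the scheme in a toy address space: memory is divided into equal-sized regions, each region only ever holds objects of one fixed size, so the object size is a function of the pointer value alone and the object base is the pointer rounded down to a multiple of that size. No metadata is attached to the pointer or stored beside the object. The region size, the size classes and the function names are made-up values for the demonstration.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Toy model of low-fat pointer bounds (added illustration, not LowFat's code).
 * A "pointer" is an offset into address_space[]. Region i serves only objects
 * of region_size[i] bytes, so size and base are computable from the pointer. */

#define REGION_BYTES 4096u      /* toy region size; assumption, real regions are much larger */
#define NUM_REGIONS  4u

/* Allocation size served by each region; each must divide REGION_BYTES. */
static const uintptr_t region_size[NUM_REGIONS] = { 16, 32, 64, 128 };

/* Simulated address space and a bump-allocator cursor per region. */
static unsigned char address_space[REGION_BYTES * NUM_REGIONS];
static uintptr_t region_next[NUM_REGIONS];

/* Object size encoded by the pointer value; 0 means "not a low-fat pointer". */
uintptr_t lowfat_size(uintptr_t p)
{
    uintptr_t idx = p / REGION_BYTES;
    return idx < NUM_REGIONS ? region_size[idx] : 0;
}

/* Object base: round the pointer down to a multiple of its object size. */
uintptr_t lowfat_base(uintptr_t p)
{
    uintptr_t size = lowfat_size(p);
    return size ? p - (p % size) : p;
}

/* Allocate n bytes in the smallest region whose size class fits.
 * Returns the simulated address, or 0 if n is too large or the region is full. */
uintptr_t lowfat_malloc(size_t n)
{
    for (uintptr_t i = 0; i < NUM_REGIONS; i++) {
        if (n > region_size[i]) continue;
        if (region_next[i] + region_size[i] > REGION_BYTES) return 0;
        uintptr_t start = i * REGION_BYTES + region_next[i];
        region_next[i] += region_size[i];
        return start;
    }
    return 0;
}

/* Bounds check for an n-byte access at p: the access must lie in [base, base+size).
 * Everything needed comes from p itself; no lookup of per-object metadata. */
bool lowfat_check(uintptr_t p, size_t n)
{
    uintptr_t size = lowfat_size(p);
    if (size == 0) return true;          /* non-low-fat pointers are left unchecked */
    uintptr_t base = lowfat_base(p);
    return p >= base && n <= size && (p - base) <= (size - n);
}

/* Checked store into the simulated memory; returns false on a bounds violation. */
bool lowfat_store(uintptr_t p, const unsigned char *src, size_t n)
{
    if (!lowfat_check(p, n) || p + n > sizeof address_space) return false;
    for (size_t i = 0; i < n; i++) address_space[p + i] = src[i];
    return true;
}

int main(void)
{
    uintptr_t p = lowfat_malloc(24);     /* lands in the 32-byte region */
    unsigned char buf[40] = { 0 };
    printf("obj at %#lx: size class %lu, base %#lx\n",
           (unsigned long)p, (unsigned long)lowfat_size(p), (unsigned long)lowfat_base(p));
    printf("24-byte write ok: %d, 40-byte write ok: %d\n",
           lowfat_store(p, buf, 24), lowfat_store(p, buf, 40));
    return 0;
}
```

Two points the toy makes visible: an interior pointer such as p + 17 still resolves to the same base and size, because the size class is chosen by region and the base by rounding; and a pointer that steps past the object into the neighbouring slot of the same region would resolve to that neighbour's bounds, which is why the published scheme also instruments pointer arithmetic and checks the derived pointer against the bounds of the pointer it came from rather than only checking at the dereference.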

System and Software Security Research Conference

If your research is in system and software security, few things are worse than counting how many different conferences you should follow. By the nature of the work, you have to follow security, systems and software engineering conferences. On top of those, since security research is very practical, you also have to follow hacker conferences. Sometimes for…

Block Oriented Programming: Automating Data-Only Attacks

Link: https://dl.acm.org/citation.cfm?id=3243739
Source Code: https://github.com/HexHive/BOPC
Summary: Vulnerable software protected by active defenses (e.g. Control-Flow Integrity, shadow stacks, address space layout randomization) is hard to exploit. Control-Flow Integrity (CFI) restricts execution to valid control flows, but because the underlying control-flow graph (CFG) is imprecise, coarse-grained CFI over-approximates the set of allowed control transfers. This keeps open…

SVF: Interprocedural Static Value-Flow Analysis in LLVM

SVF is a static analysis framework built on LLVM that performs value-flow construction and pointer analysis iteratively (sparse analysis: the analysis proceeds in stages, from a cheap over-approximate analysis to a precise but expensive one). By default it uses points-to information from Andersen's analysis and constructs an interprocedural memory SSA (static single assignment) form where…

k-hunt: Pinpointing Insecure Cryptographic Keys from Execution Traces

Link: http://web.cse.ohio-state.edu/~lin.3021/file/CCS18.pdf
Source Code: https://github.com/GoSSIP-SJTU/k-hunt
Summary: Identifying the memory locations where an application stores its cryptographic keys is useful to an attacker, and more useful still as a starting point for taint analysis for various purposes (e.g. determining whether a key is insecure). This research uses an online dynamic verification system to identify the…

Enforcing Unique Code Target Property for Control-Flow Integrity

Link: https://dl.acm.org/citation.cfm?id=3243797
Source Code: https://github.com/uCFI-GATech
Summary: The project pursues an ambitious goal: enforce a CFI policy that, based on the program's execution history, allows exactly one valid target for each indirect jump/call. For years, researchers have tried to design strict enforcement of a strong CFI policy, but the performance overhead and complex real-world…

Overwrite GOT Entry from Buffer Overlapping

Problem description
First of all, the CTF problem is from pwnable.kr (problem name: passcode). The problem description is as follows: “Mommy told me to make a passcode based login system. My initial C code was compiled without any error! Well, there was some compiler warning, but who cares about that?” There is an ssh login to the problem server where you…

How I’ve Learned Intel Pin Tool

The most difficult part of doing research is prototyping, and in security it is a must: a researcher has to prove that the proposed system actually works, for both attacks and defenses. Researchers depend heavily on existing technology and software to implement their prototypes, since that cuts the development time compared to starting from…