{"595088":{"#nid":"595088","#data":{"type":"event","title":"Cybersecurity Lecture Series with Mathias Payer","body":[{"value":"\u003Ch5\u003E\u003Cstrong\u003E\u003Cem\u003E\u0026quot;Why Memory Corruption is Hard\u0026quot;\u003C\/em\u003E\u003C\/strong\u003E\u003Cbr \/\u003E\r\n\u0026nbsp;\u003C\/h5\u003E\r\n\r\n\u003Cdiv\u003E\r\n\u003Cp\u003EMemory corruption has plagued systems since the dawn of computing. With the rise of defense techniques (such as stack cookies, ASLR, and DEP), attacks have become much more complicated, yet control-flow hijack attacks are still prevalent. Attacks rely on code reuse, often leveraging some form of information disclosure. Stronger defense mechanisms have been proposed but none have seen wide deployment so far due to the time it takes to deploy a security mechanism, the incompatibility with systems\/software, and most severely due to performance overhead. In this talk, we evaluate the security benefits and limitations of the status quo and look into upcoming defense mechanisms (and their attacks).\u003C\/p\u003E\r\n\r\n\u003Cp\u003EControl-Flow Integrity (CFI) and Code-Pointer Integrity (CPI) are two of the hottest upcoming defense mechanisms. CFI guarantees that the runtime control flow follows the statically determined control-flow graph. An attacker may reuse any of the valid transitions at any control-flow transfer. CPI on the other hand is a dynamic property that enforces memory safety guarantees integrity of code pointers by separating code pointers from regular data. We will discuss differences and advantages\/disadvantages of both approaches, especially considering their security guarantees and performance impacts, and look at strategies to defend against other attack vectors like type confusion.\u003C\/p\u003E\r\n\u003C\/div\u003E\r\n\r\n\u003Cp\u003E\u003Ca href=\u0022http:\/\/attend.com\/cyberlecture-payer\u0022\u003E\u003Cstrong\u003ERegister to attend\u003C\/strong\u003E\u003C\/a\u003E\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003E\u003Cstrong\u003EMathias Payer \u003C\/strong\u003E\u003C\/strong\u003Eis a security researcher and an assistant professor in computer science at Purdue University, leading the HexHive group. His research focuses on protecting applications even in the presence of vulnerabilities, with a focus on memory corruption. He is interested in system security, binary exploitation, software-based fault isolation, binary translation\/recompilation, and virtualization. In 2014, he founded the \u0026ldquo;b01lers\u0026rdquo; Purdue \u0026ldquo;Capture the Flag\u0026rdquo; team. Before joining Purdue in 2014, he spent two years as a postdoctoral researcher in Dawn Song\u0026#39;s BitBlaze group at the University of California Berkeley. He graduated from ETH Zurich with a Doctor of Sciences in 2012. All implementation prototypes from his group are open-source.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\r\n\r\n\u003Cp\u003EOrganized by the\u0026nbsp;\u003Ca href=\u0022https:\/\/protect-us.mimecast.com\/s\/1dr5BkcYL59Mh8\u0022 rel=\u0022noopener\u0022 target=\u0022_blank\u0022\u003EInstitute for Information Security \u0026amp; Privacy\u003C\/a\u003E, the free and open-to-the-public Cybersecurity Lecture Series \u003Ca href=\u0022http:\/\/www.iisp.gatech.edu\/cyber-lecture\u0022 target=\u0022_blank\u0022\u003Emeets throughout the fall\u003C\/a\u003E each Friday at Noon on the Georgia Tech campus, August \u0026ndash; December. Invited speakers include executives and researchers from Fortune 500 companies, federal intelligence agencies, start-ups and incubators, as well as Georgia Tech faculty and students presenting their research.\u003C\/p\u003E\r\n\r\n\u003Cp\u003E\u003Cstrong\u003E\u003Ca href=\u0022http:\/\/www.iisp.gatech.edu\/sign-cybersecurity-lecture-updates\u0022\u003EReceive future schedule updates\u003C\/a\u003E\u003C\/strong\u003E\u003C\/p\u003E\r\n","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":[{"value":"\u003Cp\u003EGeorgia Tech\u0026rsquo;s free and open-to-the-public Cybersecurity Lecture Series welcomes Mathias Payer, a security researcher and assistant professor in computer science at Purdue University, leading the HexHive group.\u003C\/p\u003E\r\n","format":"limited_html"}],"field_summary_sentence":[{"value":"Georgia Tech\u2019s Cybersecurity Lecture Series welcomes Mathias Payer of Purdue University."}],"uid":"27490","created_gmt":"2017-08-28 13:06:02","changed_gmt":"2017-08-28 13:52:12","author":"Tara La Bouff","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2017-09-08T13:00:00-04:00","event_time_end":"2017-09-08T14:00:00-04:00","event_time_end_last":"2017-09-08T14:00:00-04:00","gmt_time_start":"2017-09-08 17:00:00","gmt_time_end":"2017-09-08 18:00:00","gmt_time_end_last":"2017-09-08 18:00:00","rrule":null,"timezone":"America\/New_York"},"extras":[],"hg_media":{"593723":{"id":"593723","type":"image","title":"Cybersecurity Lecture Series by IISP","body":null,"created":"1500996186","gmt_created":"2017-07-25 15:23:06","changed":"1500996186","gmt_changed":"2017-07-25 15:23:06","alt":"","file":{"fid":"226333","name":"CLS_logo_FY18 w tag.jpg","image_path":"\/sites\/default\/files\/images\/CLS_logo_FY18%20w%20tag.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/CLS_logo_FY18%20w%20tag.jpg","mime":"image\/jpeg","size":580256,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/CLS_logo_FY18%20w%20tag.jpg?itok=8s4XWw-w"}},"595089":{"id":"595089","type":"image","title":"Mathias Payer","body":null,"created":"1503925637","gmt_created":"2017-08-28 13:07:17","changed":"1503925637","gmt_changed":"2017-08-28 13:07:17","alt":"","file":{"fid":"226790","name":"mpayer.jpg","image_path":"\/sites\/default\/files\/images\/mpayer.jpg","image_full_path":"http:\/\/www.tlwarc.hg.gatech.edu\/\/sites\/default\/files\/images\/mpayer.jpg","mime":"image\/jpeg","size":46662,"path_740":"http:\/\/www.tlwarc.hg.gatech.edu\/sites\/default\/files\/styles\/740xx_scale\/public\/images\/mpayer.jpg?itok=lSZWo6l2"}}},"media_ids":["593723","595089"],"groups":[{"id":"430601","name":"Institute for Information Security and Privacy"}],"categories":[],"keywords":[{"id":"1404","name":"Cybersecurity"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1795","name":"Seminar\/Lecture\/Colloquium"}],"invited_audience":[{"id":"78761","name":"Faculty\/Staff"},{"id":"78771","name":"Public"},{"id":"174045","name":"Graduate students"},{"id":"78751","name":"Undergraduate students"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[{"value":"\u003Cp\u003ELindsey Panetta, \u003Ca href=\u0022mailto:lindsey.panetta@gtri.gatech.edu\u0022\u003Elindsey.panetta@gtri.gatech.edu\u003C\/a\u003E\u003C\/p\u003E\r\n","format":"limited_html"}],"email":[],"slides":[],"orientation":[],"userdata":""}}}