@epakskape
Interested in memory safety exploits & mitigations?
Here's a new research paper that explores an ISA extension which tries to make it more difficult to corrupt pointers.
All feedback on the security efficacy and overall design is appreciated :)
microsoft.com/en-us/research…

Patrick Jauernig
@JauernigPatrick
19 Jul

You should have a look at our take on this (IMIX at USENIX Security 2018), I think it is quite similar :)
usenix.org/conference/use…
|
||
|
|
||
|
Matt Miller
@epakskape
|
22. srp |
|
Thanks, I forwarded that paper ref on to the authors :)

Mathias Payer
@gannimo
21 Jul

This policy enforces a neat property I'd call set integrity. Attackers can locate and still compromise pointer stores (or indexes into pointer arrays). Attacks will be harder but not impossible, becoming more program dependent. (Disclaimer: I only skimmed b/c mobile)

Graham Sutherland [Polynomial^DSS]
@gsuberland
21 Jul

It's interesting. It has promise, but I think this bit is very concerning and needs further consideration to get rid of the interrupt loophole. Context switches are far too easily timed. pic.twitter.com/MqrmF3WsGO

Daniel Bilar
@daniel_bilar
22 Jul

You probably know this already but in case not: @yuvalyarom et al #eurosys #apsys time protection ("missing OS abstraction") & aISA as abstraction shielder twitter.com/daniel_bilar/s…

Ori Damari
@0xrepnz
19 Jul

It looks very innovative! 😊