您位于: 首页 / Events / 梁振凯学术报告会

梁振凯学术报告会

事件详细信息

时间

2012-06-28
起始时间 14:30 结束时间 17:00

地点

1801

把事件添加到日历

Title: Diagnosis and Classification of Sophisticated Memory-corruption Exploits

Abstract: Software exploits are one of the major threats to the Internet security. A large family of exploits works by corrupting memory of the victim process to execute malicious code. To quickly respond to these attacks, it is critical to automatically diagnose such exploits to find out how they circumvent existing defense mechanisms. Because of the complexity of the victim programs and sophistication of recent exploits, existing analysis techniques fall short: they either miss important attack steps or report too much irrelevant information. In this paper, based on the observation that the key steps in memory corruption exploits often involve pointer misuses, we propose a novel solution, PointerScope, to use type inference on binary execution to detect the pointer misuses induced by an exploit. These pointer misuses highlight the important attack steps of the exploit, and therefore convey valuable information about the exploit mechanisms. Our approach complements dependency-based solutions to perform more comprehensive diagnosis of sophisticated memory exploits. We prototyped PointerScope and evaluated it using realworld exploit samples and demonstrated that PointerScope can successfully capture the key attack steps, which significantly facilitates attack response. In this talk, we will discuss the design and implementation of PointerScope, as well as it's potential in automatic attack classification.

Bio:  Dr. LIANG Zhenkai is an assistant professor of the School of Computing, National University of Singapore. His main research interests are in system and software security, web security, and software debugging. He has been working on solutions in malicious program analysis and confinement, malicious JavaScript prevention in the browser environment, and software error detection and debugging techniques. As a co-author, he received the ACM SIGSOFT Distinguished Paper Award at ESEC/FSE in 2009, the Best Paper Award at USENIX Security Symposium in 2007, and the Outstanding Paper Award at the Annual Computer Security Applications Conference (ACSAC) in 2003. He also received the Young Investigator Award of National University of Singapore in 2008. He received his Ph.D. degree in Computer Science from Stony Brook University in 2006, B.S. degree in Computer Science and B.S. degree in Economics from Peking University in 1999.