Code Reuse Techniques for Software Security
Member | Category |
---|---|
Leonardo Querzoni | Reference tutor |

Memory corruption vulnerabilities have been exploited for decades to hijack the normal
operation of a program by injecting malicious code. As operating systems were hardened
against code injection, attackers started to explore code reuse (CR) techniques that combine
existing program instructions in unanticipated ways, allowing arbitrary actions at an attacker's
will. Mitigating such attacks is challenging, as the different ways in which the CR paradigm can
be incarnated make it hard to distinguish between normal and unexpected computations.
Moreover, defenses for one CR scheme typically fall short for other variants. Building on recent
research I authored in the area, I plan to tackle the ambitious goal of developing program
analysis and compiler techniques both to dissect CR attacks and to use CR itself as a defense
mechanism. Indeed, by destructuring the control flow, CR could be used as a tool to obfuscate
applications, making it harder for attackers to search for vulnerabilities.