DynaGuard Special Security Headlines podcast

4+ y ago 56:36

Content provided by Firo Solutions. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Firo Solutions or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://staging.podcastplayer.com/legal.

In this episode of Security Headlines, we are joined by a great mind in the

memory security space. A spark was created when Theofilos peaked

into the realms of security. So he packed his bag and got to the next plane to the US in order to deep-dive more into the security field during

his studies. He became fascinated by the world of writing exploits

and "smashing the stack" as we say in the hacking field. He is a

brilliant guy when it comes to memory attack and he has co-written a

solution that solves the stack canary problem.

We had the chance to sit down with Theofilos Petsios and

get to hear his view on security, development and a lot more.

That you can tune into right here:

Stack canaries is a security mitigation technique that has been widely

adopted and you will find it in most systems today. But does it really work?

Topics that we touch upon in this episode:

Stack canaries

Address layer space randomization

Blind Return Oriented Programming (BROP)

Return Oriented Programming

Static code analysis

Rest in peace Andrea Bittau

security mitigations

Write Xor Execute(W^X)

Dynaguard

Where stack canaries fail and the operating systems approach to it.

hardening systems

where the future of security is going

CVE's over time

Memory corruption bugs

builtin security in the compilers

Security vs Overhead

Using memory in the Thread-local storage

adoption of security mitigations

stack clash

Pin, Intel's dynamic binary instrumentation framework

Defense Advanced Research Projects Agency

whitepapers and Proof of concepts

Fuzzing

building better security tools

Cost vs benefit in the security field

Switching from userspace to kernel space mitigations

linters

secure codebases

formal verifications

"Stack canaries is just one little stone, one a the beach that keeps getting hit by big waves"

External links

https://twitter.com/theofilospe

https://www.cs.columbia.edu/~theofilos/files/slides/dynaguard.pdf

https://www.cs.columbia.edu/~theofilos/files/papers/2015/dynaguard.pdf

http://www.scs.stanford.edu/brop/

http://www.scs.stanford.edu/brop/bittau-brop.pdf

https://github.com/nettrino/DynaGuard

https://software.intel.com/content/www/us/en/develop/articles/pin-a-dynamic-binary-instrumentation-tool.html

https://github.com/nezha-dt/nezha

https://llvm.org/docs/LibFuzzer.html

https://github.com/nettrino/vimconf

https://capsule8.com/blog/millions-of-binaries-later-a-look-into-linux-hardening-in-the-wild/

https://youtu.be/Er44ur7wkXQ?t=44

25 episodes