Andrew, CFG does not protect against valid path computing invalid data, aka, data-only attacks. I believe that is what Sergey meant, but copying him to grow the discussion ;)
regards,

On Dec 11, 2015 6:40 AM, "Andrew" <[email protected]> wrote:
>
> Dr. Sergey Bratus did an excellent job of looking at how there is NO
> WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.
>
> Really?
>
> What about the information that Control Flow Guard generates? Then
> there's a map of "for each indirect branch, these are the allowable
> targets of that indirect branch." It seems that any control flow
> integrity system builds and describes some approximation of the
> "standard execution paths of a program" by design.
>
> Of course even if you get "execution path" right it doesn't even capture
> stuff like side channels, which I guess is what Bratus is talking about
> when he says "Advanced exploitation is rapidly becoming synonymous with
> the system operating exactly as designed — and yet getting manipulated
> by attackers" although I don't know if "attacks from the 70s" are really
> "advanced" ...
>
> On 12/09/2015 02:30 PM, Dave Aitel wrote:
>
> > http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html
> >
> > You should read that probably. Basically everyone on this list is
> > affected by those issues.
> >
> > -dave
> >
> > _______________________________________________
> > Dailydave mailing list
> > [email protected]
> > https://lists.immunityinc.com/mailman/listinfo/dailydave
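The distinction drawn in this thread, as an added example that is not part of the original messages: a toy per-call-site allow-list (a stand-in for the kind of target map Control Flow Guard builds, not its real implementation) rejects a corrupted function pointer but accepts a run in which only a data field changed. All names are hypothetical, and the field writes are constructed stand-ins for memory corruption.

```c
#include <stddef.h>

typedef int (*handler_fn)(int is_admin);

/* Two legitimate handlers plus one function that is never a valid target. */
static int show_report(int is_admin)    { return is_admin ? 2 : 1; } /* 2 = privileged view */
static int show_help(int is_admin)      { (void)is_admin; return 0; }
static int internal_debug(int is_admin) { (void)is_admin; return 99; }

/* Allow-list for one indirect call site: "these are the allowable targets". */
static const handler_fn allowed_targets[] = { show_report, show_help };

struct request {
    int is_admin;       /* non-control data: steers a branch, not a target */
    handler_fn handler; /* control data: the indirect branch target */
};

/* Returns 1 if target is on the allow-list for this call site. */
static int cfi_target_ok(handler_fn target) {
    for (size_t i = 0; i < sizeof allowed_targets / sizeof allowed_targets[0]; i++)
        if (allowed_targets[i] == target) return 1;
    return 0;
}

/* Guarded dispatch: -1 means the control-flow check rejected the call. */
static int guarded_dispatch(const struct request *r) {
    if (!cfi_target_ok(r->handler)) return -1;
    return r->handler(r->is_admin);
}

/* Uncorrupted request: unprivileged report (1). */
int baseline(void) {
    struct request r = { 0, show_report };
    return guarded_dispatch(&r);
}

/* Control data changed: target is off the allow-list, check fires (-1). */
int hijacked_ptr(void) {
    struct request r = { 0, show_report };
    r.handler = internal_debug;
    return guarded_dispatch(&r);
}

/* Only data changed: same valid target, check passes, privileged result (2). */
int data_only(void) {
    struct request r = { 0, show_report };
    r.is_admin = 1;
    return guarded_dispatch(&r);
}

int main(void) { return !(baseline() == 1 && hijacked_ptr() == -1 && data_only() == 2); }
```

Catching the third case takes a control on the data itself, such as integrity checks on security-relevant fields or memory-safe handling of the buffers next to them, because the branch-target check has nothing to object to.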
