Yes, that's what I said in my second paragraph. To re-state: You actually can capture a precise notion of "standard execution path of a program" but this doesn't help you define exploits because an exploit can exist within the standard path of a program, such as certain kinds of data-only attacks, or almost all types of side channel information disclosures.

On 12/11/2015 12:45 PM, Rodrigo Branco wrote:
> Andrew,
>
> CFG does not protect against valid path computing invalid data, aka,
> data-only attacks. I believe that is what Sergey meant, but copying him
> to grow the discussion ;)
>
> regards,
>
> On Dec 11, 2015 6:40 AM, "Andrew" <[email protected]> wrote:
>
> > Dr. Sergey Bratus did an excellent job of looking at how there is NO
> > WAY TO DEFINE THE STANDARD EXECUTION PATH OF A PROGRAM.
>
> Really?
>
> What about the information that Control Flow Guard generates? Then
> there's a map of "for each indirect branch, these are the allowable
> targets of that indirect branch." It seems that any control flow
> integrity system builds and describes some approximation of the
> "standard execution paths of a program" by design.
>
> Of course even if you get "execution path" right it doesn't even capture
> stuff like side channels, which I guess is what Bratus is talking about
> when he says "Advanced exploitation is rapidly becoming synonymous with
> the system operating exactly as designed — and yet getting manipulated
> by attackers" although I don't know if "attacks from the 70s" are really
> "advanced" ...
>
> On 12/09/2015 02:30 PM, Dave Aitel wrote:
> >
> > http://cybersecpolitics.blogspot.com/2015/12/the-force-awakens-dec-8-wassenaar.html
> >
> > You should read that probably. Basically everyone on this list is
> > affected by those issues.
> >
> > -dave
> >
> > _______________________________________________
> > Dailydave mailing list
> > [email protected]
> > https://lists.immunityinc.com/mailman/listinfo/dailydave
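
The point made in this thread, that every indirect branch can land on an allowed target while the data the program computes on is wrong, shown as an added C example that is not part of the original messages. The record layout, function names and return codes are constructed for illustration, and the allowed-target table is a simplified stand-in for the kind of map a scheme like Control Flow Guard generates.

```c
#include <stdio.h>
#include <string.h>

/* Constructed record layout: 16-byte name field, then a 1-byte is_admin flag. */
enum { NAME_LEN = 16, ADMIN_OFF = 16, REC_LEN = 17 };
typedef int (*handler_t)(const unsigned char *rec);

/* 1 = ordinary view, 2 = privileged view. Same function, different data. */
int show_profile(const unsigned char *rec) { return rec[ADMIN_OFF] ? 2 : 1; }
int other_handler(const unsigned char *rec) { (void)rec; return -1; }

/* CFI-style policy: the allowed targets of the one indirect call below. */
static const handler_t allowed[] = { show_profile };
int cfi_check(handler_t target) {
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (allowed[i] == target) return 1;
    return 0;
}

/* Flawed on purpose: length is bounded by the record, not by the name field. */
void set_name_flawed(unsigned char *rec, const unsigned char *in, size_t n) {
    if (n > REC_LEN) n = REC_LEN;
    memcpy(rec, in, n);
}
/* Corrected: length is bounded by the field being written. */
void set_name_fixed(unsigned char *rec, const unsigned char *in, size_t n) {
    if (n > NAME_LEN) n = NAME_LEN;
    memcpy(rec, in, n);
}

/* Runs one request; *cfi_ok records whether the indirect call passed the policy. */
int handle_request(int fixed, const unsigned char *in, size_t n, int *cfi_ok) {
    unsigned char rec[REC_LEN] = {0};
    handler_t h = show_profile;          /* never touched by the input */
    if (fixed) set_name_fixed(rec, in, n); else set_name_flawed(rec, in, n);
    *cfi_ok = cfi_check(h);
    return *cfi_ok ? h(rec) : -100;
}

int main(void) {
    unsigned char in[REC_LEN];
    int v, ok;
    memset(in, 'A', sizeof in);          /* constructed 17-byte input */
    v = handle_request(0, in, 16, &ok); printf("flawed,16: view=%d cfi_ok=%d\n", v, ok);
    v = handle_request(0, in, 17, &ok); printf("flawed,17: view=%d cfi_ok=%d\n", v, ok);
    v = handle_request(1, in, 17, &ok); printf("fixed, 17: view=%d cfi_ok=%d\n", v, ok);
    printf("policy rejects other_handler: %d\n", !cfi_check(other_handler));
    return 0;
}
```

In all three requests the control-flow check passes; only the field-sized bound in `set_name_fixed` keeps the flag intact, which is why a control-flow policy alone cannot serve as the test for whether the program was manipulated.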
