BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Memento EPFL//
BEGIN:VEVENT
SUMMARY:Systems Seminar - Code-Pointer Integrity
DTSTART:20140926T110000
DTEND:20140926T120000
DTSTAMP:20260406T113437Z
UID:127020ff8022461392fa862bcce873d7f82dc4daf05d8e81eb27f967
CATEGORIES:Conferences - Seminars
DESCRIPTION:Volodymyr Kuznetsov\nSystems code is often written in low-leve
 l languages like C/C++\, which offer many benefits but also delegate memor
 y management to programmers. This invites memory safety bugs that attacker
 s can exploit to divert control flow and compromise the system. Deployed d
 efense mechanisms (e.g.\, ASLR\, DEP) are incomplete\, and stronger defens
 e mechanisms (e.g.\, CFI) often have high overhead and limited guarantees.
 \nWe introduce code-pointer integrity (CPI)\, a new design point that guar
 antees the integrity of all code pointers in a program (e.g.\, function po
 inters\, saved return addresses) and thereby prevents all control-flow hij
 ack attacks\, including return-oriented programming. We also introduce cod
 e-pointer separation (CPS)\, a relaxation of CPI with better performance p
 roperties. CPI and CPS offer substantially better security-to-overhead rat
 ios than the state of the art\, they are practical (we protect a complete 
 FreeBSD system and over 100 packages like apache and postgresql)\, effecti
 ve (prevent all attacks in the RIPE benchmark)\, and efficient: on SPEC CP
 U2006\, CPS averages 1.2% overhead for C and 1.9% for C/C++\, while CPI’
 s overhead is 2.9% for C and 8.4% for C/C++.\nA prototype implementation o
 f CPI and CPS can be obtained from http://levee.epfl.ch.\n(This is joint w
 ork with L. Szekeres\, M. Payer\, G. Candea\, R. Sekar\, and D. Song)
LOCATION:BC 420 https://plan.epfl.ch/?room==BC%20420
STATUS:CONFIRMED
END:VEVENT
END:VCALENDAR