Academic Talk Announcement: Liang Zhenkai
Time: 2012-06-14 08:55:41

Title: Diagnosis and Classification of Sophisticated Memory-corruption Exploits
Speaker: Liang Zhenkai
Venue: Academic Lecture Hall 210, 2nd Floor, East Building 5
Time: June 20, 3:00 p.m.

Abstract:
Software exploits are one of the major threats to Internet security. A large family of exploits works by corrupting memory of the victim process to execute malicious code. To quickly respond to these attacks, it is critical to automatically diagnose such exploits to find out how they circumvent existing defense mechanisms. Because of the complexity of the victim programs and sophistication of recent exploits, existing analysis techniques fall short: they either miss important attack steps or report too much irrelevant information. In this paper, based on the observation that the key steps in memory corruption exploits often involve pointer misuses, we propose a novel solution, PointerScope, to use type inference on binary execution to detect the pointer misuses induced by an exploit. These pointer misuses highlight the important attack steps of the exploit, and therefore convey valuable information about the exploit mechanisms. Our approach complements dependency-based solutions to perform more comprehensive diagnosis of sophisticated memory exploits. We prototyped PointerScope and evaluated it using real-world exploit samples and demonstrated that PointerScope can successfully capture the key attack steps, which significantly facilitates attack response. In this talk, we will discuss the design and implementation of PointerScope, as well as its potential in automatic attack classification.

About the speaker:
Dr. Liang Zhenkai is an assistant professor of the School of Computing, National University of Singapore. His main research interests are in system and software security, web security, and software debugging. He has been working on solutions in malicious program analysis and confinement, malicious JavaScript prevention in the browser environment, and software error detection and debugging techniques. As a co-author, he received the ACM SIGSOFT Distinguished Paper Award at ESEC/FSE in 2009, the Best Paper Award at USENIX Security Symposium in 2007, and the Outstanding Paper Award at the Annual Computer Security Applications Conference (ACSAC) in 2003. He also received the Young Investigator Award of National University of Singapore in 2008. He received his Ph.D. degree in Computer Science from Stony Brook University in 2006, B.S. degree in Computer Science and B.S. degree in Economics from Peking University in 1999.