当前位置:首页 > 报告详情

协程框架式编程:滥用现代 C++ 破坏控制流完整性.pdf

上传人: 竿*** 编号:981897 2025-11-29 231页 9.72MB

1、Breaking Control Flow Integrity by Abusing Modern C+Breaking Control Flow Integrity by Abusing Modern C+Marcos Bajo h3xduckChristian RossowCoroutine FrameCoroutine Frame-Oriented Oriented ProgrammingProgrammingThe Old AgesThe Old Ages1972Buffer overflows1stmentioned200020102020The Old AgesThe Old Ag

2、esret2libc1972200020102020Buffer overflows1stmentionedStackcanariesThe Old AgesThe Old Agesret2libc1972200020102020Buffer overflows1stmentionedStackcanariesDEP/NXASLRThe Old AgesThe Old Agesret2libc1972200020102020Buffer overflows1stmentionedStackcanariesDEP/NXASLRROPJOPDOPThe Modern AgesThe Modern

3、Ages1972200020102020CFI 1stmentionedThe Modern AgesThe Modern Ages1972200020102020CFI 1stmentionedCFGLLVM CFIIntel CETCode ReuseCode Reuse Code ReuseCode ReuseControl Flow IntegrityControl Flow Integrity“C ”f A LR,DEP,r Make exploits harderControl Flow IntegrityConstruct Control Flow Graph(CFG)Instr

4、umentation to enforce CFGCode-reuse techniques stoppedSorry,yes,ROP is dead Who We AreWho We AreMarcos Bajoaka PhD Student at CISPA(Germany)https:/ things I love:MalwareExploits DucksWho We AreWho We AreChristian RPhD Student at CISPA(Germany)https:/ things I love:MalwareExploits DucksFaculty at CIS

5、PACS Professor at Saarbrcken&DortmundLeader of the Systems Security GroupMarcos Bajoaka h3xduckrossowcispa.dechrossow(We do very cool things,reach out!)What We Will LearnWhat We Will Learn1.Userspace CFI defensesHow does CFI look like in an everyday system?What We Will LearnWhat We Will Learn1.Users

6、pace CFI defensesHow does CFI look like in an everyday system?2.Bypassing CFIHow can we exploit programs protected by CFI schemes?What We Will LearnWhat We Will Learn1.Userspace CFI defensesHow does CFI look like in an everyday system?2.Bypassing CFIHow can we exploit programs protected by CFI schem

word格式文档无特别注明外均可编辑修改,预览文件经过压缩,下载原文更清晰!
三个皮匠报告文库所有资源均是客户上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作商用。
根据报告的内容,全文主要探讨了现代C++中的控制流完整性(CFI)及其绕过方法,以及C++20协程的安全性和编程。以下是关键点: 1. **CFI发展历程**:从早期的缓冲区溢出到现代的DEP/NX和ASLR,再到CFI,安全防御措施不断进步。 2. **CFI类型**:包括粗粒度CFI(如Intel CET)和细粒度CFI(如LLVM CFI)。 3. **绕过CFI**:通过ROP、JOP、DOP等技术绕过CFI保护,利用代码重用技术。 4. **C++20协程**:协程的内部机制和安全性,协程帧导向编程(COOP)。 5. **协程绕过CFI**:通过帧操作和帧注入攻击协程,实现数据仅攻击(DOA)。 6. **协程控制流劫持**:通过控制帧指针(CFP)实现无限协程链(ICC)和任意函数调用。 7. **防御建议**:将恢复和销毁指针移至只读内存,添加协程标识符,以及使用堆分配省略优化(HALO)。
安全漏洞还是新威胁**? 现代C++的挑战与应对** 如何安全利用C++20新特性**?
客服
商务合作
小程序
服务号
折叠