Data Science Day @ Columbia University has ended
Columbia University’s Data Science Institute Presents:

Authors/Collaborators are listed in alphabetical order.

Back To Schedule
Wednesday, April 6 • 2:00pm - 4:30pm
Heisenbyte: Thwarting Memory Disclosure Attacks using Destructive Code Reads [D4]

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Vulnerabilities that disclose executable memory pages en- able a new class of powerful code reuse attacks that build the attack payload at runtime. In this work, we present Heisenbyte, a system to protect against memory disclosure attacks. Central to Heisenbyte is the concept of destructive code reads – code is garbled right after it is read. Garbling the code after reading it takes away from the attacker her ability to leverage memory disclosure bugs in both static code and dynamically generated just-in-time code. By leveraging existing virtualization support, Heisenbyte’s novel use of destructive code reads sidesteps the problem of incomplete binary disassembly in binaries, and extends protection to close-sourced COTS binaries, which are two major limitations of prior solutions against memory disclosure vulnerabilities. Our experiments demonstrate that Heisenbyte can tolerate some degree of imperfect static analysis in disassembled binaries, while effectively thwarting dynamic code reuse exploits in both static and JIT code, at a modest 1.8% average runtime overhead due to virtualization and 16.5% average overhead due to the destructive code reads.

Demo/Poster Presenter
avatar for Adrian Tang

Adrian Tang

PhD Candidate in Computer Science, Columbia University
Adrian is a PhD student who joined the IDS Lab in Fall 2012. His interests include vulnerability research, malware analysis and detection. He is currently researching in hardware-oriented techniques to detect malware attacks

Demo/Poster Collaborator
avatar for Simha Sethumadhavan

Simha Sethumadhavan

Associate Professor of Computer Science, Columbia University
Simha Sethumadhavan is an Associate Professor of Computer Science at Columbia Engineering. He is the founding director of the Computer Architecture and Security Technologies Lab (CASTL) at Columbia University. Sethumadhavan’s research interests are in hardware security, hardware... Read More →
avatar for Salvatore Stolfo

Salvatore Stolfo

Professor of Computer Science, Columbia University
Salvatore J. Stolfo is Professor of Computer Science at Columbia University. He received his Ph.D. from NYU Courant Institute in 1979 and has been on the faculty of Columbia ever since. He won an IBM Faculty Development Award early in his academic career in 1983. He has published... Read More →

Wednesday April 6, 2016 2:00pm - 4:30pm EDT
Roone Arledge Auditorium Lerner Hall, Columbia University 2920 Broadway, New York, NY 10040