[Colloq] Cybersecurity and Privacy Institute Speaker Series: Lucas Davi - Return and Re-enter: Modern Software Attack Techniques and Defenses - October 31

Ponte, Christopher c.ponte at northeastern.edu
Thu Oct 11 16:16:19 EDT 2018


Speaker: Lucas Davi, Assistant Professor, University of Duisburg-Essen, Germany
Date: October 31, 2018
Location: ISEC 655
Time: 2:00pm – 3:00pm
Title: Return and Re-enter: Modern Software Attack Techniques and Defenses

Abstract
Software attacks exploit vulnerabilities in programs to trigger malicious operations and steal sensitive data. While existing attacks have mainly focused on classic desktop PCs and mobile systems, they are increasingly applied to modern software systems such as smart contracts. In this talk, we investigate two prevalent software attack techniques, namely return-oriented programming and re-entrancy attacks. The former attack technique leverages a malicious combination of benign code sequences to compromise web browsers and document viewers, whereas the latter exploits state inconsistencies to drain money out of a smart contract. For both, we discuss their evolution and investigate the challenges when building defenses against these attacks.

About the Speaker
Lucas Davi is an assistant professor for secure software systems at the University of Duisburg-Essen, Germany. He received his PhD in computer science from TU Darmstadt. His research focuses on system security, software security, and trusted computing, especially software exploitation techniques and defenses. He received best paper awards at DAC, ACM ASIACCS, and IEEE Security and Privacy. His PhD thesis on code-reuse attacks and defenses was awarded the ACM SIGSAC Dissertation Award 2016.


