Wed 10.31.18
2:00P EDT/5:43P PDT
1 Hour Event
Wed 10.31.18
2:00P EDT/5:43P PDT
1 Hour Event
Speaker: Lucas Davi, Assistant Professor, University of Duisburg-Essen, Germany
Location: ISEC 655
Abstract
Software attacks exploit vulnerabilities in programs to trigger malicious operations and steal sensitive data. While existing attacks have mainly focused on classic desktop PCs and mobile systems, they are increasingly applied to modern software systems such as smart contracts. In this talk, we investigate two prevalent software attack techniques, namely return-oriented programming and re-entrancy attacks. The former attack technique leverages a malicious combination of benign code sequences to compromise web browsers and document viewers, whereas the latter exploits state inconsistencies to drain money out of a smart contract. For both, we discuss their evolution and investigate the challenges when building defenses against these attacks.
Abstract
Lucas Davi is an assistant professor for secure software systems at University of Duisburg-Essen, Germany. He received his PhD from TU Darmstadt in computer science. His research focus includes aspects of system security, software security, and trusted computing, especially software exploitation techniques and defenses. He received best paper awards at DAC, ACM ASIACCS, and IEEE Security and Privacy. His PhD thesis on code-reuse attacks and defenses has been awarded the ACM SIGSAC Dissertation Award 2016.
Speaker: Lucas Davi, Assistant Professor, University of Duisburg-Essen, Germany
Location: ISEC 655
Abstract
Software attacks exploit vulnerabilities in programs to trigger malicious operations and steal sensitive data. While existing attacks have mainly focused on classic desktop PCs and mobile systems, they are increasingly applied to modern software systems such as smart contracts. In this talk, we investigate two prevalent software attack techniques, namely return-oriented programming and re-entrancy attacks. The former attack technique leverages a malicious combination of benign code sequences to compromise web browsers and document viewers, whereas the latter exploits state inconsistencies to drain money out of a smart contract. For both, we discuss their evolution and investigate the challenges when building defenses against these attacks.
Abstract
Lucas Davi is an assistant professor for secure software systems at University of Duisburg-Essen, Germany. He received his PhD from TU Darmstadt in computer science. His research focus includes aspects of system security, software security, and trusted computing, especially software exploitation techniques and defenses. He received best paper awards at DAC, ACM ASIACCS, and IEEE Security and Privacy. His PhD thesis on code-reuse attacks and defenses has been awarded the ACM SIGSAC Dissertation Award 2016.
Speaker: Lucas Davi, Assistant Professor, University of Duisburg-Essen, Germany
Location: ISEC 655
Abstract
Software attacks exploit vulnerabilities in programs to trigger malicious operations and steal sensitive data. While existing attacks have mainly focused on classic desktop PCs and mobile systems, they are increasingly applied to modern software systems such as smart contracts. In this talk, we investigate two prevalent software attack techniques, namely return-oriented programming and re-entrancy attacks. The former attack technique leverages a malicious combination of benign code sequences to compromise web browsers and document viewers, whereas the latter exploits state inconsistencies to drain money out of a smart contract. For both, we discuss their evolution and investigate the challenges when building defenses against these attacks.
Abstract
Lucas Davi is an assistant professor for secure software systems at University of Duisburg-Essen, Germany. He received his PhD from TU Darmstadt in computer science. His research focus includes aspects of system security, software security, and trusted computing, especially software exploitation techniques and defenses. He received best paper awards at DAC, ACM ASIACCS, and IEEE Security and Privacy. His PhD thesis on code-reuse attacks and defenses has been awarded the ACM SIGSAC Dissertation Award 2016.
Speaker: Lucas Davi, Assistant Professor, University of Duisburg-Essen, Germany
Location: ISEC 655
Abstract
Software attacks exploit vulnerabilities in programs to trigger malicious operations and steal sensitive data. While existing attacks have mainly focused on classic desktop PCs and mobile systems, they are increasingly applied to modern software systems such as smart contracts. In this talk, we investigate two prevalent software attack techniques, namely return-oriented programming and re-entrancy attacks. The former attack technique leverages a malicious combination of benign code sequences to compromise web browsers and document viewers, whereas the latter exploits state inconsistencies to drain money out of a smart contract. For both, we discuss their evolution and investigate the challenges when building defenses against these attacks.
Abstract
Lucas Davi is an assistant professor for secure software systems at University of Duisburg-Essen, Germany. He received his PhD from TU Darmstadt in computer science. His research focus includes aspects of system security, software security, and trusted computing, especially software exploitation techniques and defenses. He received best paper awards at DAC, ACM ASIACCS, and IEEE Security and Privacy. His PhD thesis on code-reuse attacks and defenses has been awarded the ACM SIGSAC Dissertation Award 2016.