Title: Cybersecurity Speaker Series: Return and Re-enter: Modern Software Attack Techniques and Defenses

Speaker: Lucas Davi, Assistant Professor, University of Duisburg-Essen, Germany

Location: ISEC 655

Abstract

Software attacks exploit vulnerabilities in programs to trigger malicious operations and steal sensitive data. While existing attacks have mainly focused on classic desktop PCs and mobile systems, they are increasingly applied to modern software systems such as smart contracts. In this talk, we investigate two prevalent software attack techniques, namely return-oriented programming and re-entrancy attacks. The former attack technique leverages a malicious combination of benign code sequences to compromise web browsers and document viewers, whereas the latter exploits state inconsistencies to drain money out of a smart contract. For both, we discuss their evolution and investigate the challenges when building defenses against these attacks.

About the Speaker

Lucas Davi is an assistant professor for secure software systems at University of Duisburg-Essen, Germany. He received his PhD from TU Darmstadt in computer science. His research focus includes aspects of system security, software security, and trusted computing, especially software exploitation techniques and defenses. He received best paper awards at DAC, ACM ASIACCS, and IEEE Security and Privacy. His PhD thesis on code-reuse attacks and defenses has been awarded the ACM SIGSAC Dissertation Award 2016.