Eleftherios Ioannidis
Jan/27 | Mon | 06:00PM-08:00PM | 4-231 |
Enrollment: Unlimited: No advance sign-up
Prereq: Strong experience programming
C, love it or hate it, is somewhere at the foundation of most software today. While some may call it a glorified assembler, C does provide many useful features while giving you the option to get close to the hardware and have precise control over everything your machine does. It is also inherently insecure, and writing secure software takes experience and practice. We will show you common security pitfalls and how to avoid them in your code. The materials will include:
Attack Cases
Smashing the Stack. Injecting Shell Code. Trampoline Attacks. Return-to-libc Attacks. Smashing the heap. Capturing the Allocator.
Mitigation
Secure strings. Stack/Heap Canaries. System-wide measures. ASLR.
Sponsor(s): Student Information Processing Board, Electrical Engineering and Computer Science
Contact: Eleftherios Ioannidis, sipb-iap-secure@mit.edu