DeepSec 2023 Talk: Nostalgic Memory – Remembering All the Wins and Losses for Protecting Memory Corruption – Shubham Dubey
Memory corruption, a vulnerability that emerged in the 1980s and gained prominence with the discovery of the first buffer overflow in the fingerd Unix application exploited by the Morris worm in 1988, has since become a significant concern in the field of information security. Its prevalence was further underscored by the influential Phrack edition 49 titled “Smashing the Stack for Fun and Profit” in 1996.
Today, memory corruption remains one of the most pressing security challenges, compelling the entire defensive security industry to develop robust countermeasures. This session aims to delve into the progress made by the security industry in mitigating and protecting against different types of memory corruption, as well as the current state of these efforts.
During the talk, I will explore the various techniques that have been introduced worldwide to safeguard against and mitigate memory corruption, together with the bypasses found for them over the years. Moreover, I will present metrics to gauge the effectiveness of these techniques.
This discussion will be valuable for security researchers and exploit developers seeking to familiarize themselves with existing measures designed to impede the execution of exploits and malicious code in both process and kernel memory. By attending this talk, participants will gain a comprehensive understanding of the advancements made in memory corruption mitigation, equipping them with the knowledge necessary to enhance security practices and proactively address this critical aspect of the cybersecurity landscape.
We asked Shubham a few more questions about his talk.
Please tell us the top 5 facts about your talk.
- The talk will cover past, present and future of memory corruption techniques.
- Most of the session is focused on the progress the security industry has made over the years to protect systems against memory corruption vulnerabilities.
- You will learn the internals and working of these security mitigations and their bypasses too.
- The talk is not limited to the common techniques that most of us know, like DEP, ASLR etc., but we will go through many of the less popular techniques or research that are not widely implemented.
- I will present a matrix that will help you compare the security mitigations with each other.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
I have been researching and working on memory corruption related work for a long time. During research, I always get to know some new mitigations or research papers that are out there that explain a protection against some memory based attack. It’s been on my mind for a long time to let other security folks know about these mitigations that I get to learn about and how we have progressed in this area in the last few decades.
Why do you think this is an important topic?
If you check the top 10 fields where CVEs are raised in any product, you will find most of them to be related to memory corruption. Most exploits that are created and abused in the wild are based on some sort of memory corruption. Even though memory corruption has been known for a few decades, it’s a problem that is still broadly present. Even if you are a developer or handling the security of a product, you need to know how these memory corruptions are exploited and what mitigations are there that you can use in your developed application/product to reduce risk.
Is there something you want everybody to know – some good advice for our readers maybe?
If your primary role is in application or system security, you need to know that most attacks can be reduced if you have reduced the attack surface and have mitigations in place. It’s always a good idea to develop the application with all compiler security feature support turned on, to reduce any attacks that can happen due to bad coding practice.
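One way to verify that the compiler and linker hardening the answer above recommends actually made it into a shipped binary is to inspect the ELF headers, which is what tools such as checksec do. The script below is an added example written for this post, not code from the talk or from Shubham; it is a minimal ELF64 little-endian checker for three of the mitigations involved (PIE, which is what the `-fPIE -pie` GCC flags produce; a non-executable stack, the `-Wl,-z,noexecstack` linker setting; and RELRO, the `-Wl,-z,relro` setting). It also builds a constructed sample image in memory so it runs offline; the `build_sample` helper and its hypothetical layout are assumptions for the demonstration, not a real binary.

```python
"""Minimal ELF64 hardening checker (added example, not from the talk).

Reads the ELF header and program headers and reports whether the image
is position-independent (PIE), has a non-executable stack (NX/DEP) and
has a RELRO segment. Only little-endian ELF64 is handled.
"""
import struct

ELF_MAGIC = b"\x7fELF"
ET_EXEC = 2          # fixed-address executable (no PIE)
ET_DYN = 3           # shared object / PIE executable
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4


def check_elf64(data: bytes) -> dict:
    """Return {'pie', 'nx', 'relro'} booleans for an ELF64 LE image."""
    if data[:4] != ELF_MAGIC or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    # ELF64 header: e_type at 16, e_phoff at 32, e_phentsize/e_phnum at 54.
    (e_type,) = struct.unpack_from("<H", data, 16)
    (e_phoff,) = struct.unpack_from("<Q", data, 32)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 54)

    gnu_stack_seen = False
    stack_exec = True        # Linux default when PT_GNU_STACK is absent
    relro = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, p_flags = struct.unpack_from("<II", data, off)
        if p_type == PT_GNU_STACK:
            gnu_stack_seen = True
            stack_exec = bool(p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            relro = True
    return {
        "pie": e_type == ET_DYN,
        "nx": gnu_stack_seen and not stack_exec,
        "relro": relro,
    }


def missing_mitigations(data: bytes) -> list:
    """Names of the checked mitigations that the image lacks, sorted."""
    report = check_elf64(data)
    return sorted(name for name, present in report.items() if not present)


def build_sample(pie: bool, exec_stack: bool, relro: bool) -> bytes:
    """Constructed ELF64 image with only the headers the checker reads.

    This is synthetic test data (an assumption for the example), not a
    loadable program: it has no code, no sections and no PT_LOAD entries.
    """
    phdrs = [
        struct.pack("<IIQQQQQQ", PT_GNU_STACK,
                    PF_R | PF_W | (PF_X if exec_stack else 0),
                    0, 0, 0, 0, 0, 16),
    ]
    if relro:
        phdrs.append(struct.pack("<IIQQQQQQ", PT_GNU_RELRO, PF_R,
                                 0, 0, 0, 0, 0, 1))
    # e_ident: magic, EI_CLASS=2 (64-bit), EI_DATA=1 (LE), EI_VERSION=1.
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8
    header = ident + struct.pack(
        "<HHIQQQIHHHHHH",
        ET_DYN if pie else ET_EXEC,  # e_type
        62,                          # e_machine: x86-64
        1,                           # e_version
        0,                           # e_entry
        64,                          # e_phoff: program headers follow header
        0, 0,                        # e_shoff, e_flags
        64, 56, len(phdrs),          # e_ehsize, e_phentsize, e_phnum
        64, 0, 0,                    # e_shentsize, e_shnum, e_shstrndx
    )
    return header + b"".join(phdrs)


if __name__ == "__main__":
    hardened = build_sample(pie=True, exec_stack=False, relro=True)
    weak = build_sample(pie=False, exec_stack=True, relro=False)
    print("hardened:", check_elf64(hardened), "missing:", missing_mitigations(hardened))
    print("weak:    ", check_elf64(weak), "missing:", missing_mitigations(weak))
```

To run it against a real binary, read the file into `data` and call `check_elf64(data)`; a missing `PT_GNU_STACK` entry is treated as an executable stack, which matches the Linux loader's default, and stack canaries are deliberately out of scope because detecting them needs the symbol table rather than the program headers.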
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?
The security industry and OS vendors are trying hard to reduce memory corruption vulnerabilities and their exploitation. This is not only going to make applications secure but also reduce the hefty amount of money a company has to spend on bug bounties when someone reports it. Even though there has been a significant amount of progress in this domain in the last few years, there are still gaps present that need to be filled. Now OS vendors have taken a new road and are ditching insecure programming languages like C/C++ to switch to safe programming languages like Rust. Although so far we see just the start of this change, we cannot predict how widely this is going to be adopted.
Shubham is a Security Researcher at Microsoft, where his task is to secure the Windows kernel from different vulnerabilities, especially those aimed at processors and enclaves. His expertise lies in low-level security and internals, which includes reverse engineering, exploitation and firmware security. Prior to joining Microsoft, Shubham was a security researcher at an antivirus company working in the exploit prevention team, where he contributed to protecting customers from 0-days and vulnerabilities in the wild. Shubham has worked on multiple independent projects on kernel-level and firmware security. He writes a security blog called nixhacker.com, where you will find lots of content on low-level security and internals.