Herbert Bos

Associate Professor, VU University

http://www.vu.nl

Biography

Herbert Bos is an associate professor at VU University Amsterdam (aka the Vrije Universiteit). He obtained his PhD from the University of Cambridge (UK) and currently heads a research group in security and operating systems. In 2010, he became the first and so far only computer scientist in the Netherlands to win an ERC Ideas Starting Grant (to work on reverse engineering of C binaries). Systems developed by his group include the popular Argos intrusion detection system, and the Streamline architecture for high-speed network monitoring.

Presentation: Body Armor for Binaries: protecting legacy code from buffer overflows

Despite a plethora of defense mechanisms, buffer overflows are perpetually in the top 3 of the CWE/SANS Top 25 Most Dangerous Software Errors. Attackers use memory corruption to manipulate a program's execution, or to modify its data. Even if we know software is probably vulnerable, we typically cannot fix the problem as we don't have access to the source code.

In this talk, I present BodyArmor: a novel technique to protect existing C binaries from memory corruption attacks on both control data and non-control data. Non-control data attacks especially are very difficult to detect and stop as they do not divert the control flow, execute injected code, or even change the program's behavior in a noticeable way. Currently, no practical countermeasure against such attacks exists. Our approach hardens binaries against both kinds of buffer overflow, without requiring access to the program's source code, or even the symbol table. BodyArmor has excellent false positive properties and we have not observed a single false positive in practice. We show that BodyArmor is able to stop real attacks, including the well-known non-control data attack on the Exim mail server, with an overhead of 70% for gzip, 16%-200% for lighttpd, and 190% for nbench.