- This event has passed.
Hiding in the Particles: When Return-Oriented Programming Meets Program Obfuscation
June 15, 2021 @ 16:00 - 17:00
Largely known for attack scenarios, code reuse techniques at a closer
look reveal properties that are appealing also for program obfuscation.
We explore the popular return-oriented programming paradigm under this light, transforming program functions into ROP chains that coexist
seamlessly with the surrounding software stack. We show how to build
chains that can withstand popular static and dynamic deobfuscation
approaches, evaluating the robustness and overheads of the design over
common programs. The results suggest a significant amount of
computational resources would be required to carry a deobfuscation
attack for secret finding and code coverage goals.
# Speakers’ bios
Pietro Borrello is a PhD student at Sapienza University of Rome. His
research involves low-level system security, specializing in advanced
exploitation techniques and microarchitectural attacks. He designed
defense techniques based on program transformations to protect software from threats ranging from reverse engineering attacks to
microarchitectural side-channels. He plays CTFs with the TheRomanXpl0it and mhackeroni teams, which he both co-founded, and he is a four-time DEFCON finalist. He currently leads the Roman DEFCON group, which provides a gathering point to people interested in security.
Daniele Cono D’Elia is a postdoctoral researcher at Sapienza University
of Rome. His research involves software and systems security. He plays
with malware, code reuse attacks, monitoring solutions resistant to
adversarial behavior, and program analyses and transformations to make
programs more secure (e.g., fuzzing, sanitizers, side channels, code
obfuscation). In a past life, he tackled programming language research
problems, working on low-overhead profilers, dynamic compilers, and code transformation techniques. He often speaks at Black Hat events.