Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Data-Oriented Programming - On the Expressiveness of Non-Control Data Attacks

IEEE via YouTube

Start learning Write review
Corporate Finance Institute Ad

35% Off Finance Skills That Get You Hired - Code CFI35

Learn More → Boot.dev Ad

Learn Backend Development Part-Time, Online

Learn More →

Overview

Coursera Flash Sale
40% Off Coursera Plus for 3 Months!
Grab it
Explore the concept of Data-Oriented Programming (DOP) and its implications for non-control data attacks in this 20-minute IEEE conference talk. Delve into the Turing-complete nature of these exploits and learn about a systematic technique for constructing expressive non-control data attacks on x86 programs. Examine the findings from an experimental evaluation of 9 programs, revealing thousands of data-oriented x86 gadgets and gadget dispatchers. Discover how 8 out of 9 real-world programs contain gadgets capable of simulating arbitrary computations, with 2 confirmed to enable Turing-complete attacks. Investigate three end-to-end attack scenarios that bypass randomization defenses, operate network bots, and alter memory permissions, all while evading ASLR and DEP protections. Gain insights into the significant power DOP grants attackers and consider potential defense strategies against these sophisticated exploits.

Syllabus

Control Attacks are Getting Harder
Contributions
Motivating Example (cont.)
Data-Oriented Programming (DOP) . General construction
Data-Oriented Gadgets
Gadget Dispatcher
Attack Construction
Evaluation - Feasibility
Case Study: Bypassing Randomization
dlopend - Dynamic Linking Interface
Case Study: Simulating A Network Bot
Case Study: Altering Memory Permissions
Related Work
Potential Defenses
Motivatine Example

Taught by

IEEE Symposium on Security and Privacy

Tags

Reviews

5.0 rating, based on 1 Class Central review

Start your review of Data-Oriented Programming - On the Expressiveness of Non-Control Data Attacks

  • Profile image for Shehram Leghari
    Shehram Leghari
    This course provides a deep and insightful explanation of Data-Oriented Programming and how it relates to non-control data attacks. The instructor explains complex security concepts in a very clear and structured way. I really liked the examples and the real-world scenarios that helped me understand how data-only attacks differ from traditional control-flow attacks. It’s a great resource for anyone interested in cybersecurity, software design, or secure programming practices. Highly recommended!
Start learning

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Sign up for free
Someone learning on their laptop while sitting on the floor.