Come face to face with real solutions
Meet academic and industry leaders for intimate discussions about new cyber threats, trends and technologies.
The Cybersecurity Lecture Series at Georgia Tech is a free, one-hour lecture from a thought leader who is advancing the field of information security and privacy. Invited speakers include executives and researchers from Fortune 500 companies, federal intelligence agencies, start-ups and incubators, as well as Georgia Tech faculty and students presenting their research. Lectures are open to all -- students, faculty, industry, government, or simply the curious. Students may register for credit under seminar course CS-8001-INF.
Join us Fridays at Noon at Georgia Tech
Klaus Advanced Computing Building, 266 Ferst Drive, Atlanta, unless otherwise noted.
Next event: Feb. 23
Hong Hu, Postdoctoral Fellow, School of Computer Science
"Hacking Data-flow for Turing-complete Attacks"
Control-flow hijacking attacks from memory errors become more and more difficult as targeted defense mechanisms gain wide deployment. As an alternative, non-control data attacks do not require diverting the application’s control flow, and thus can bypass existing advanced defense mechanisms. Although it is known that such data-oriented attacks can mount significant damage, we are not clear about their real expressiveness.
In this talk, Hong Hu will first present data-flow stitching, a systematic method to build data-oriented attacks. Instead of corrupting individual data inside the program, data-flow stitching breaks existing data-flows and connects the fragments in a malicious manner, thus enabling systematic construction. Then he will propose data-oriented programming, a novel method to build expressive data-oriented attacks -- even Turing-complete attacks. Finally, he will show data-oriented attacks against Chromium that bypass the fundamental SOP policy.
Hong Hu, Ph.D., is a postdoctoral fellow in the School of Computer Science, College of Computing, at the Georgia Institute of Technology. His research focuses on system security. Currently, he is working on memory error detection, exploitation and defense. His research has been published at several premier academic conferences, including IEEE Symposium on Security & Privacy, Usenix, ACM Conference on Computer and Communications Security, the European Symposium on Research in Computer Security (ESORICS), and the International Conference on Engineering of Complex Computer Systems (ICECCS). He earned the Best Paper Award from ICECCS '14. Prior to joining Georgia Tech, he obtained his Ph.D. degree from the National University of Singapore.
Jerry Perullo, chief information security officer at the Intercontinental Exchange, Inc., explained on Feb. 2 how his organization rates and prioritizes incoming cyber threats to the world's financial trading platforms. [Slides]
Brendan Saltaformaggio, from the School of Electrical & Computer Engineering, presented a technique for cyber forensics that scans volatile RAM in his talk, "Convicted by Memory: Recovering Spatial-Temporal Digital Evidence from Memory Images" [Slides] on Jan. 19.
Dave Levin, of the University of Maryland, shared a better method for tracking digital certificate revocations in his talk, "Revocations Are Dead. Long Live Revocations" on Jan. 12.