I wrote a short paper on Protecting global and static variables from buffer overflow attacks without overhead. The paper mainly describes an idea on how to protect against attacks on these variables, but does not describe an implementation or anything like it yet. So it's still pretty much in a preliminary stage. It was released as a technical report and you can download it from the papers section of this site. Feel free to comment on it.

Authors: Yves Younan, Frank Piessens and Wouter Joosen
Published as: Technical Report CW463, Departement Computerwetenschappen, Katholieke Universiteit Leuven
Date: October 2006

Abstract: Many countermeasures exist to protect the stack and heap from code injection attacks, however very few countermeasures exist that will specifically protect global and static variables from attack. In this paper we suggest a way of protecting global and static variables from these type of attacks, with negligible performance and memory overheads.

The paper i submittted to ICICS (International Conference on Information and Communications Security) was accepted. Only 22 of 119 full papers submitted were accepted. The title is "Efficient protection against heap-based buffer overflows without resorting to magic". You can read a technical report which had a preliminary version of the work here. I will update the site sometime in the near future with new content.

Defcon is over, I must say the european conferences are totally different. Very different atmosphere, I prefer the European conferences actually. However I did meet alot of interesting people that I had known for a while but had never met before, I also met alot of new cool people. So the trip out to Vegas was definitely worth it. I was disappointed with the organisation of Defcon though, looked very amateuristic: they ran out of badges, programs, just about everything. They had some replacement badges luckily, but they didn't print out any extra programs or anything. There were also no TVs showing the talks anywhere. The organization of CCC is alot more professional. Anyway because of the lack of programs and basically because the program wasn't very interesting I only ended up going to one talk (basically because I knew the guys speaking): Fun with 802.11 Device Drivers by Johnny Cache and David Maynor, where they talk about hacking into computers by using bugs in the wireless device drivers. Because they are still waiting for Apple (and possibly other vendors) to fix their software, no technical details were released.

Now that Usenix is over, I'm on my way to Defcon, I can finally meet some of the people who I've known for years online but never met because they're US-based.
Hopefully it will be as cool as Usenix was.

PS: Vancouver Airport has free wireless internet!

The paper I submitted to ACSAC (Annual Computer Security Applications Conference) was accepted!

The title is "Extended protection against stack smashing attacks without performance loss"
I'll post more details soon.

So I'll be attending ACSAC in December. If you'll be there let me know and we can grab a beer or something.

Usenix Security ended just a few hours ago.

Overall it was pretty good, some of the refereed papers were impressive, others were only mediorce, it was very dependent on the track (and probably also my personal intererests because my colleagues often disagreed with me). The most interesting tracks were the ones on Software and Static analysis. I heard the Intrusion detection track was good as well, I didn't attend it because I was busy trying to convince my laptop to let me make some slides for the work in progress session.

Stephen McCamant got the best paper award for his paper Evaluating SFI for a CISC Architecture, which was definitely deserved. It was pretty impressive work, I'm looking forward to reading the paper.

Other talks which I found especially interesting: Keyboards and Covert Channels by Gaurav Shah, Milk or Wine by Andy Ozment, N-Variant Systems by Benjamin Cox, Taint-enhanced policy enforcement by Wei Xu. I've probably left some out though.

I'm currently in Vancouver for USENIX Security 2006 where I'll be presenting a poster called "Applying machine-model based countermeasure design to improve security" on Thursday.

The technical track of the conference starts on Wednesday. Today I attended the "First Hotsec" workshop which aims to be a gathering for researchers to get feedback on ideas which are less conventional. I was impressed by the amount of feedback given to the authors by the attendees, makes me wish I had submitted my machinemodel stuff to the workshop.

Hopefully I'll get equally interesting feedback on my poster.

Finally I found some time to update my sad looking website.
I'll be adding the old content back soon and then will start adding new content.

If you prefer the old "layout", it's still available here, but I won't be updating it anymore