Control Hijacking I

CSE LECTURER CANDIDATE SEMINAR

In a computer program, control flows from one instruction to the next and can be redirected using branches, loops, and function calls. The job of the programmer is to use control flow to ensure an input leads to the correct output. However, programmers do not always account for all inputs, and undefined behavior can result. A maliciously crafted input can take full advantage of the undefined behavior: crashing, hanging, or providing arbitrary execution.

In this talk we will introduce the techniques used to craft malicious inputs that hijack control. We will build our understanding of how a simple program executes until we are able to exploit it to execute arbitrary instructions.

Bio:

Benjamin VanderSloot is a Ph.D. Student in Computer Science at the University of Michigan, focusing on computer security and privacy working with Dr. J. Alex Halderman. He is expected to complete his degree this May, defending his work using Internet measurement techniques to enhance transparency, trustworthiness, and privacy.