QUACK: Hindering Deserialization Attacks via Static Duck Typing
Speakers: Andreas Kellas, Neophytos Christou
#BHUSA BlackHatEvents

Who are we
- Neophytos Christou, PhD student, Brown University
- Andreas Kellas, PhD student, Columbia University
- Collaborators: Yaniv David (Columbia University), Vasileios Kemerlis (Brown University), Junfeng Yang (Columbia University)

We know that deserialization is dangerous
- 2010: "Utilizing Code Reuse/ROP in PHP Application Exploits", Stefan Esser, BHUSA
- 2015: "Marshalling Pickles: how deserializing objects will ruin your day", Frohoff and Lawrence, AppSec Cali
- 2018: "Automated Discovery of Deserialization Gadget Chains", Ian Haken, BHUSA

We know that deserialization is dangerous, so we set out to mitigate the risks.

Goals
1. Introduce QUACK to the security community
2. Raise awareness for the risks of deserialization

Roadmap
- Background: PHP deserialization exploits
  - How do PHP deserialization exploits work?
  - Deserialization exploit demo
  - How do existing defenses work?
- QUACK: Mitigating deserialization exploits with static duck typing
- Takeaways: The future of QUACK and deserialization exploits

We Know Deserialization is Dangerous