Microsoft announce Bluehat security finalists
Microsoft have announced the finalists of the BlueHat Prize Contest to find new defensive security techniques. The finalists, who are competing for a $260,000 prize fund, have all proposed ways to defend against attacks which use return oriented programming.
Return oriented programming is where programs are assembled by carefully selecting existing machine instructions immediately prior to return instructions and loading the call stack with addresses so that those instructions can be called in an order such that they achieve an attacker's goal. The technique can overcome strict defences, as demonstrated in 2009, and has been attracting more attention as a weapon in attackers' armoury.
The finalists are Jared DeMott, Ivan Fratric and Vasilis Pappas. DeMott's entry, named "/ROP", checks that the target address of every return instruction is safe. The protection offered is said to be "not perfect", but it is quick and "integrates cleanly with Microsoft Technology". Fratric's entry, "ROPGuard", works at runtime by selecting critical functions which would be exploited by a ROP attack and adding checks to them to ensure they were being called in normal operations and not as part of a ROP exploit. ROPGuard has a low CPU and memory overhead and can be applied to any process. kBouncer is the name of Pappas' entry and proposes using hardware features on commodity processors to detect unexpected transfers of control at runtime. The kBouncer system's use of hardware features for ROP mitigation is apparently "efficient and fully transparent".
Microsoft will announce the winners of the $200,000 grand prize, $50,000 second prize and the third prize, a $10,000 value MSDN subscription, on 26 July at the company's Black Hat USA researcher appreciation party. Once the event is over, Microsoft also plans to release information about the other entries in the competition.