Memory Safe Languages Won't Save You
Yarden Shafir

About me
Security Engineer & Researcher
Windows Internals researcher
Former EDR developer
Likes to research exploits, mitigations and post-exploitation techniques
Former circus artist

Memory Bugs are Everywhere
70% of reported software bugs are memory bugs
Google Chrome analysis, 2015-2020
Microsoft analysis, 2006-2018
Presented by Matt Miller at BlueHatIL 2019
Microsoft CVEs root cause, 2015-2023

Software Memory Safety
A lot of new code is written in Rust, Go, C#
But it's not always written very well
In 2023 CISA issued an advisory for "The Urgent Need for Memory Safety in Software Products"
Encourages companies to use memory safe languages in future projects
Microsoft is (re)writing some components in Rust
Some parts of Win32k, Sudo, OpenVMM

Will Memory Safety Kill Exploitation?
Nope
Memory safe != Bug free
Memory safe languages still contain "unsafe" code blocks
Memory safe languages defend against memory vulnerabilities
Attackers are already moving away from memory bugs
A lot of mitigations focusing on memory exploitation made exploits much less reliable and harder to write and maintain

Known Exploited Vulnerabilities (CISA)
2021: 36% memory bugs (total: 310)
    92% of browser bugs and 70% of OS kernel bugs
2022: 45% memory bugs (total: 555)
    80% of browser bugs and 50% of OS kernel bugs
2023: 33% memory bugs (total: 187)
    100% of browser bugs and 62% of OS kernel bugs
2024: 25% memory bugs (total: 133)
    100% of browser bugs and 59% of OS kernel bugs

Logic Bugs
Bugs that are not caused by improper handling of memory
No buffer overflows, use-after-free, heap corruption, etc.
Logic bugs are overlooked behaviors, side effects or intentional features that can be abused
Some logic bug classes are generic, others are specific to a feature or product
Generic classes: path traversal, improper access