News, Vulnerability

Researcher wins $200,000 prize from Microsoft for new exploit mitigation technology

Security researcher and Columbia University PhD student Vasilis Pappas was announced the winner of the Microsoft BlueHat Prize   contest for an exploit mitigation technology called “kBouncer” which is designed to detect and prevent return-oriented programming   (ROP), a popular vulnerability exploitation technique.

Microsoft launched the BlueHat Prize contest one year ago at the Black Hat USA 2011 security conference in order to motivate security researchers to develop new anti-exploitation   techniques. Pappas received a check for US$200,000 during the award ceremony event in Las Vegas on Thursday.

IN PICTURES: Quirkiest moments at 2012 Black Hat security conference

As part of the contest rules, Microsoft received a royalty-free license to use any of the submitted technologies, but their   creators retain the intellectual property rights over them.

ROP is frequently used in exploits that target memory safety vulnerabilities like buffer overflows, which can result in the   unauthorized execution of arbitrary code.

The technique makes exploits more reliable and allows attackers to get around security mechanisms present in modern operating   systems, like Data Execution Prevention (DEP) or Address Space Layout Randomization (ASLR), said Carsten Eiram, chief security   specialist at vulnerability research firm Secunia.

Kbouncer was one of the three exploit mitigation technologies selected by Microsoft for the BlueHat Prize finals from a total   of 20 entries that qualified.

Pappas worked on other exploit mitigation technologies in the past and already had the idea behind kBouncer in his head, he   said. The BlueHat contest provided an opportunity to put it into practice.

The researcher doesn’t have any concrete plans yet for the technology or the $200,000 prize money that he received from Microsoft.

The other two technologies that made into the final also focused on ROP prevention. They were developed by security researchers   Jared DeMott and Ivan Fratric.

Fratric won second place and a $50,000 prize with his concept called “ROPGuard,” while DeMott won an MSDN subscription valued   at $10,000 and an additional $10,000 for his approach called “/ROP”.

All three technologies proposed by the finalists should make it harder for attackers to exploit certain types of vulnerabilities,   Carsten said. However, it will take time for them to be implemented properly and vulnerability researchers will probably come   up with different exploit approaches by then, he said.

Fratric’s “ROPGuard” idea has already been implemented in the 3.5 Technology Preview version of Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) — a specialized security   tool that can be used by system administrators to apply exploit mitigation technologies to other applications at runtime.

One of Microsoft’s core strategies is to implement exploit mitigations in its products, said Mike Reavey, senior director   of the Microsoft Security Response Center. It’s already been done with Ivan Fratric’s technique and the other ideas are being   evaluated, he said.

Advertisements
Standard

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s