EXPLOIT MITIGATION IMPROVEMENTS IN WIN 8

Black Hat USA 2012

Presented by: Ken Johnson, Matt Miller
Date: Wednesday July 25, 2012
Time: 17:00 - 18:00
Location: Palace II
Track: Defense

Over the past decade, Microsoft has added security features to the Windows platform that help to mitigate risk by making it difficult and costly for attackers to develop reliable exploits for memory safety vulnerabilities. Some examples of these features include Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Visual C++'s code generation security (GS) protection for stack-based buffer overruns. In Windows 8, Microsoft has made a number of substantial improvements that are designed to break known exploitation techniques and in some cases prevent entire classes of vulnerabilities from being exploited. This presentation will provide a detailed technical walkthrough of the improvements that have been made along with an evaluation of their expected impact. In closing, this presentation will look beyond Windows 8 by providing a glimpse into some of the future directions in exploit mitigation research that are currently being explored by Microsoft.

Matt Miller

Matt Miller works on the Security Science team within Microsoft's Security Engineering Center (MSEC) where he primarily focuses on researching and developing exploit mitigation technology. Some of Matt's past contributions in this space have included a functional implementation of Address Space Layout Randomization (ASLR) for Windows 2000/XP/2003 and a mitigation for SEH overwrites that is now known as SEHOP. Prior to joining Microsoft, Matt was involved with the Metasploit framework where he helped develop Metasploit 3.0 and contributed features like Meterpreter and VNC injection. Matt also co-founded the Uninformed Journal and has written articles on exploitation techniques, reverse engineering, and program analysis.

Ken Johnson

Ken Johnson works on the Security Science team within Microsoft's Security Engineering Center (MSEC), where he primarily focuses on researching, developing, and implementing exploitation mitigation techniques. Ken's prior contributions to the field have included the development of an Address Space Layout Randomization (ASLR) implementation for Windows versions earlier than Vista. He is known for a number of prior articles on security-related topics, Windows internals, debugging, and reverse engineering (often contributed to the Uninformed Journal). Prior to joining Microsoft, Ken developed a number of advanced debugging tools for Windows on his own time, including the first accelerated kernel debugger transport for Windows VMware VMs (VMKD), and a debugger extension capable of importing data from IDA into WinDbg (SDbgExt). He has continued this tradition in recent times, contributing Hyper-V VM debugging support and self-consistent physical machine memory snapshot support to the Sysinternals LiveKd debugging tool.
