Join our events mailing list to receive information on CUUG events such as our general meetings, special guests, etc.
Don't forget to check our other mailing lists too.
May General Meeting
Deterministic Behaviours are your Attacker's Friend
Speaker: Theo de Raadt, Founder, OpenBSD
Our compute environments depend upon many deterministic behaviours at many layers to give us the reproducible (final) results we want. Therefore an attacker who finds a error in software can create an exploit at home, and then replay the attack on other machines very successfully, since all the intermediate layers are known, identical and reproducible.
Introducing secret non-determinisms into the intermediate layers can perturb aspects of the attack methodology. In 1999 OpenBSD began pushing the stack-protector and address space randomization through a complete Unix ecosystem. Subsets of these methods became commonplace on other platforms in about 10 years.
Twenty years since beginning, we continue with additional approaches to decrease the success rates for attackers, still trying to remove tools from their toolbox. Recent new work in ROP gadget-reduction, per-function stack-protector cookies, and reduction of system abilities via pledge and unveil will be described, as well as some musing about layers which cannot be protected so easily.
Theo de Raadt is widely recognized as a world class security expert. In October 1995, Theo founded the OpenBSD project. OpenBSD is the most secure of the publicly available operating systems.
In 1999, Theo created OpenSSH with other members of OpenBSD. It is now incorporated into all Unix systems plus hundreds of other network enabled products. It has become the most "vendor re-used" piece of open source software, with more than 95% of the SSH market.
Theo was awarded the Free Software Foundation's 2004 Award for the Advancement of Free Software, for recognition as founder and project leader of the OpenBSD and OpenSSH projects. His work has also led to significant contributions to other BSD distributions and GNU/Linux. Of particular note is Theo's work on OpenSSH, his leadership of OpenBSD, his commitment to Free Software and his advancement of network security.
Theo is also well known for his advocacy of free software drivers. He has long been critical of developers of Linux and other free platforms for their tolerance of non-free drivers and acceptance of non-disclosure agreements.
Place 800
800 - 6 Ave. S.W.
Plus-15 Conference Room
There is $2 parking after 16:00 one block north-east of the meeting location, in the underground parkade at McDougall Centre.
5:30 PM, Tuesday, May 28, 2019
Snacks at 17:30. Meeting begins at 18:00.
Attendance is free for CUUG members, or $10 (cash only) at the door for non-CUUG members.
RSVP to office at CUUG if you plan to attend.