Chengyun Chu is a Senior Security Development lead of MSRC Engineering defense team. He joined Microsoft in 2001. He and his defense team generate mitigations and workarounds for use in the monthly Microsoft security bulletins, provide detailed vulnerability documentation for MSRC cases, and act as the engineering technical lead for the Microsoft company-wide Software Security Incident Response Process.
Over the past decade, Microsoft has added security features to the Windows platform that help to mitigate risk by making it difficult and costly for attackers to develop reliable exploits for memory safety vulnerabilities. Some examples of these features include Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and Visual C++'s code generation security (GS) protection for stack-based buffer overruns. In Windows 8, Microsoft has made a number of substantial improvements that are designed to break known exploitation techniques and in some cases prevent entire classes of vulnerabilities from being exploited. This presentation will provide a detailed technical walkthrough of the improvements that have been made along with an evaluation of their expected impact. In closing, this presentation will look beyond Windows 8 by providing a glimpse into some of the future directions in exploit mitigation research that are currently being explored by Microsoft.