Seminar on Software Security, Vulnerabilities, and Compiler Optimizations Invitation
I am pleased to invite you to the first Zeus Boston Seminar on June 5, 2019. If you can attend
the seminar please RSVP to Alex G. Lee at alexglee@zeusswdef.com. As space is limited, your
confirmation of attendance ASAP will be greatly appreciated.
In the seminar, secure coding expert Robert C. Seacord with NCC Group will lecture on the
increasing risk of software vulnerabilities resulting from compiler optimizations. Increasingly,
compiler writers are taking advantage of undefined behaviors in the C and C++ programming
languages to improve optimizations. Frequently, these optimizations are interfering with the
ability of developers to perform cause-effect analysis on their source code, that is, analyzing the
dependence of downstream results on prior results. Consequently, these optimizations are
eliminating causality in software and are increasing the probability of software faults, defects,
and vulnerabilities. This seminar reviews some common optimizations, describes how these
can lead to software vulnerabilities, and explains how to avoid these optimizations by writing
correct code free of undefined behaviors. Additionally, Robert will lecture on secure coding in C
and C++. He will describe stack smashing attacks that can be used by attackers to overwrite the
return address on the stack and transfer control to arbitrary code. The lecture will examine the
behaviors of the program stack that allow these attacks to succeed, and specific exploit
techniques including code injection, arc injection, and return-oriented programming.
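The compiler-optimization risk in the abstract above, shown as an added example that is not from the lecture or from Zeus: an overflow check that itself relies on undefined behavior, which an optimizer is permitted to delete, beside a form that never evaluates an overflowing expression. All function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Before: the overflow test itself overflows. Signed overflow is undefined
 * behavior, so an optimizer may assume len + extra never wraps, conclude the
 * comparison is always false for extra >= 0, and delete the branch.
 * Kept for contrast only; never call it with values that overflow. */
bool grow_ub(int len, int extra, int *out) {
    if (extra < 0) return false;
    if (len + extra < len) return false;   /* UB when the sum exceeds INT_MAX */
    *out = len + extra;
    return true;
}

/* After: the limit is tested before any arithmetic that could overflow. */
bool grow_checked(int len, int extra, int *out) {
    if (len < 0 || extra < 0) return false;
    if (extra > INT_MAX - len) return false;
    *out = len + extra;
    return true;
}

/* Pointer form of the same mistake: forming buf + n beyond one past the end
 * of the array is undefined, so the "wrap" test can be optimized away. */
bool fits_ub(const char *buf, const char *end, size_t n) {
    return buf + n >= buf && buf + n <= end;
}

/* Compare sizes instead of out-of-range pointers.
 * Assumes buf <= end and both point into the same array. */
bool fits_checked(const char *buf, const char *end, size_t n) {
    return n <= (size_t)(end - buf);
}

int main(void) {
    char a[16];                            /* constructed sample buffer */
    int out = 0;
    bool ok = grow_checked(10, 5, &out);
    printf("grow_checked(10, 5): %d (out=%d)\n", ok, out);
    printf("grow_checked(INT_MAX, 1): %d\n", grow_checked(INT_MAX, 1, &out));
    printf("fits_checked(n=17): %d\n", fits_checked(a, a + sizeof a, 17));
    return 0;
}
```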
Following Robert's lecture, Alex G. Lee with Zeus SW Defender, LLC will present a demo of
Zeus technology that performs the dynamic re-encryption of code pointers to protect C and C++
software programs from buffer overflow attacks that aim to intercept or disclose control flow.
Zeus can successfully mitigate real-world cyber-attacks described in CVEs.
Date/Time: June 5 (Wednesday), 2019 13:30 – 16:30
Venue: Residence Inn by Marriott Boston Cambridge at 120 Broadway, 6th St, Cambridge, MA
02142 (0.2 miles, a five-minute walk, from Red Line stop/MIT Kendall Square)
Map: https://goo.gl/maps/LBwJqQ4uH39eUUxDA
Zeus Details: Patent-pending Zeus technology performs the dynamic re-encryption of code
pointers to protect software programs written in the C and C++ programming languages from
buffer overflow attacks that aim to intercept or disclose control flow. Zeus can successfully
mitigate real-world cyber-attacks described in CVEs.
As examples, Zeus can block control-flow hijacking caused by a stack buffer overflow
vulnerability CVE-2018-18409 in the open source TCPFLOW project
(https://github.com/simsong/tcpflow/wiki); CVE-2018-17439 and CVE-2018-15671 of the HDF5
library (https://www.hdfgroup.org/downloads); and CVE-2013-2028 of Nginx web server leaking
a return address byte-by-byte (https://www.rapid7.com/db/vulnerabilities/nginx-cve-2013-2028).
Zeus injects instructions into programs at compile time to harden them against buffer
overflows by encrypting and decrypting pointers at runtime. Zeus has low execution time
overhead and does not require any additional security features outside of the program. Because
Zeus can cover zero-day attacks, Zeus dramatically reduces the risks caused by buffer overflow.
Zeus can be implemented in C and C++ compilers.
