Hardware-assisted run-time protection: on balancing security and deployability (DLS in Cybersecurity)

14.02.2019 16:15-17:15

Speaker: Prof. N. Asokan, Aalto University, Espoo, Finland | Location: Hochschulstraße 10 (S2|02), Piloty Building, Room C110

Organizer: CRISP / CROSSING


Abstract

Run-time attacks are a prominent attack vector for compromising systems written in memory-unsafe languages like C and C++. Over the last decade there have been significant advances by both researchers and practitioners in understanding and defending against run-time attacks, especially those that attempt to defeat control-flow integrity (CFI). As CFI defenses are gradually being deployed, data-oriented attacks will become increasingly attractive.

Defenses against run-time attacks must consider how to trade off security, performance and deployability. Fine-grained software-only defenses are effective, but can be prohibitively expensive. Hardware-based defenses can be effective and efficient but can force deployment hurdles. In this talk, I will describe two attempts from our recent work to provide run-time protection, especially for data-oriented attacks. The first, HardScope, is a hardware solution for enforcing lexical scope for variables at run-time. HardScope consists of a small set of proposed processor extensions as well as associated compiler instrumentation. The second, PARTS, is a software solution that makes use of an existing hardware-assisted mechanism in ARM processors for pointer authentication (PA). PARTS consists of a set of techniques that use PA for thwarting run-time attacks.


Short bio

N. Asokan is a professor of computer science at Aalto University where he co-leads the Secure Systems Group and is the founding director of Helsinki-Aalto Center for Information Security -- HAIC. His research interests are broadly in the area of systems security. Recently he has been focussing on various aspects of platform security and the interplay between security / privacy and machine learning. Asokan is an ACM Fellow and an IEEE Fellow and was recently given the ACM SIGSAC award for outstanding innovation. You can find more information on his work at his website or his Twitter profile.


Distinguished Lectures Series in Cybersecurity

Each semester, the Distinguished Lecture Series in Cybersecurity brings outstanding experts from academia and industry to Darmstadt to discuss the many opportunities and challenges in the field of IT security.

In their lectures, the speakers present pioneering research results from various disciplines, summarize complex subject areas, and outline the current state of knowledge in their field of research or work.

The lectures are open to the public. Interested visitors are welcome. After the lecture, there is an opportunity for discussion over a small buffet on site.

Past Distinguished Lectures in Cybersecurity in pictures.