Hardware-assisted run-time protection: on balancing security and deployability (DLS in Cybersecurity)

14.02.2019, 16:15 – 17:15

Speaker: Prof. N. Asokan, Aalto University, Espoo, Finland | Location: Hochschulstraße 10 (S2|02), Piloty Building, Room C110

Organizer: CROSSING / GRK Privacy & Trust / CRISP


Abstract

Run-time attacks are a prominent attack vector for compromising systems written in memory-unsafe languages like C and C++. Over the last decade there have been significant advances by both researchers and practitioners in understanding and defending against run-time attacks, especially those that attempt to defeat control-flow integrity (CFI). As CFI defenses are gradually being deployed, data-oriented attacks will become increasingly attractive.

Defenses against run-time attacks must consider how to trade off security, performance and deployability. Fine-grained software-only defenses are effective, but can be prohibitively expensive. Hardware-based defenses can be effective and efficient but can force deployment hurdles. In this talk, I will describe two attempts from our recent work to provide run-time protection, especially for data-oriented attacks. The first, HardScope, is a hardware solution for enforcing lexical scope for variables at run-time. HardScope consists of a small set of proposed processor extensions as well as associated compiler instrumentation. The second, PARTS, is a software solution that makes use of an existing hardware-assisted mechanism in ARM processors for pointer authentication (PA). PARTS consists of a set of techniques that use PA for thwarting run-time attacks.


Short bio

N. Asokan is a professor of computer science at Aalto University where he co-leads the Secure Systems Group and is the founding director of Helsinki-Aalto Center for Information Security -- HAIC. His research interests are broadly in the area of systems security. Recently he has been focussing on various aspects of platform security and the interplay between security / privacy and machine learning. Asokan is an ACM Fellow and an IEEE Fellow and was recently given the ACM SIGSAC award for outstanding innovation. You can find more information on his work at his website or his Twitter profile.


Distinguished Lectures Series in Cybersecurity

With the Distinguished Lectures Series in Cybersecurity, every semester, we invite outstanding experts from science and industry to Darmstadt to discuss the multifaceted prospects and challenges of IT Security. In the lectures, the speakers present the results of trendsetting research from a variety of disciplines, give overviews of complex topics or show the current state of knowledge in their field of research. The lectures are free and open for everybody without prior registration.

After the lecture, there is an opportunity to get together.

See past Distinguished Lectures in Cybersecurity in pictures.