Securing Code in a More Trustworthy Fashion (DLS in Cybersecurity)

20.11.2014, 16:15 – 17:15

2014/11/20 16:15-17:15

Speaker: Greg Morrisett, Harvard University, USA | Location: Hochschulstraße 10 (S2|02), Piloty Building, Room C110

Organizer: CASED, CROSSING and EC SPRIDE

Abstract

Much of our computing infrastructure is still built using C and C++, in spite of overwhelming language-level problems that lead to security exploits. I will discuss a range of compiler-oriented techniques that researchers have explored to try and harden C/C++ code.

In one corner, we have techniques such as Software Fault Isolation (SFI) that have low overhead, and guarantee to enforce a particular security policy. However, the SFI policy is relatively coarse-grained, and as such doesn't block important attacks. In another corner is the Secure Virtual Architecture (SVA) which enforces a fine-grained integrity policy and manages to thwart a wide range of attacks. However, SVA and related techniques can have high overhead for some code, and will generally break more programs than SFI.

All of these techniques depend upon compiler transformations, optimizations, and/or analyses that could lead to a large trusted computing base (TCB). So I will also discuss recent research that helps to minimize the TCB via machine-checked proofs of correctness.

Short Bio

Website of Greg Morrisett at Cornell Universiy.