HGI Colloquium

Each semester the HGI Colloquium is offered on current topics in IT security. It is organized by the chairs of the institute and is open to everyone who is interested; external guests are always welcome. If you subscribe to the HGI newsletter, you will receive the talk announcements by e-mail in good time (subscribe to the newsletter).

The seminar usually takes place on Thursdays at 12:00 in building ID, floor 03, room 463 (directions).

This semester the seminar is organized by the Chair for Network and Data Security. Below you will find a list of the scheduled dates and talks for the whole semester. Unless announced otherwise, all talks start at 12:00 sharp (s.t.).

Date | Speaker | Affiliation | Title | Room | Start
16.04.2015 | Michael Franz | UC Irvine | Software Defenses Inspired by Biodiversity | ID 03/463 | 12:00
12.05.2015 | Felix Schuster | RUB | VC3: Trustworthy Data Analytics in the Cloud using SGX, and Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications (practice talks for IEEE Security & Privacy 2015) | ID 04/401 | 11:00
12.05.2015 | Jannik Pewny | RUB | Cross-Architecture Bug Search in Binary Executables (practice talk for IEEE Security & Privacy 2015) | ID 04/401 | 11:00
21.05.2015 | Allison Lewko | Columbia University | Function Hiding Inner Product Encryption | ID 03/463 | 12:00
25.06.2015 | Ricardo Chaves | TULisbon/IST | Secure partial dynamic reconfiguration of reconfigurable devices | ID 03/463 | 12:00
14.07.2015 | Daniele Venturi | Sapienza University of Rome | Security of Signature Schemes under Tampering and Subversion Attacks | ID 04/401 | 12:00
16.07.2015 | Begül Bilgin | KU Leuven | Theoretical and Practical Aspects of Threshold Implementation | ID 03/463 | 12:00

Software Defenses Inspired by Biodiversity

Today's software monoculture creates asymmetric threats. An attacker needs to find only one way in, while defenders need to guard a lot of ground. Adversaries can fully debug and perfect their attacks on their own computers, exactly replicating the environment that they will later be targeting. Software diversity raises the bar to attackers. A diversification engine automatically generates a large number of different versions of the same program, potentially one unique version for every computer. These all behave in exactly the same way from the perspective of the end-user, but they implement their functionality in subtly different ways. As a result, a specific attack will succeed on only a small fraction of targets and a large number of different attack vectors would be needed to take over a significant percentage of them. Because an attacker has no way of knowing a priori which specific attack will succeed on which specific target, this method also very significantly increases the cost of attacks directed at specific targets. We have built such a diversification engine which is now available as a prototype. We can diversify large software distributions such as the Firefox and Chromium web browsers or a complete Linux distribution. Some preliminary insights will be presented as well as some practical issues, such as the problem of reporting errors when every binary is unique.

VC3: Trustworthy Data Analytics in the Cloud using SGX

We present VC3, the first system that allows users to run distributed MapReduce computations in the cloud while keeping their code and data secret, and ensuring the correctness and completeness of their results. VC3 runs on unmodified Hadoop, but crucially keeps Hadoop, the operating system and the hypervisor out of the TCB; thus, confidentiality and integrity are preserved even if these large components are compromised. VC3 relies on SGX processors to isolate memory regions on individual computers, and to deploy new protocols that secure distributed MapReduce computations. VC3 optionally enforces region self-integrity invariants for all MapReduce code running within isolated regions, to prevent attacks due to unsafe memory reads and writes. Experimental results on common benchmarks show that VC3 performs well compared with unprotected Hadoop; VC3’s average runtime overhead is negligible for its base security guarantees, 4.5% with write integrity and 8% with read/write integrity.

Counterfeit Object-oriented Programming: On the Difficulty of Preventing Code Reuse Attacks in C++ Applications

Code reuse attacks such as return-oriented programming (ROP) have become prevalent techniques to exploit memory corruption vulnerabilities in software programs. A variety of corresponding defenses has been proposed, of which some have already been successfully bypassed—and the arms race continues. In this paper, we perform a systematic assessment of recently proposed CFI solutions and other defenses against code reuse attacks in the context of C++. We demonstrate that many of these defenses that do not consider object-oriented C++ semantics precisely can be generically bypassed in practice. Our novel attack technique, denoted as counterfeit object-oriented programming (COOP), induces malicious program behavior by only invoking chains of existing C++ virtual functions in a program through corresponding existing call sites. COOP is Turing complete in realistic attack scenarios and we show its viability by developing sophisticated, real-world exploits for Internet Explorer 10 on Windows and Firefox 36 on Linux. Moreover, we show that even recently proposed defenses (CPS, T-VIP, vfGuard, and VTint) that specifically target C++ are vulnerable to COOP. We observe that constructing defenses resilient to COOP that do not require access to source code seems to be challenging. We believe that our investigation and results are helpful contributions to the design and implementation of future defenses against control-flow hijacking attacks.

Cross-Architecture Bug Search in Binary Executables

In this paper, we propose a system to derive bug signatures for known bugs. We then use these signatures to find bugs in binaries that have been deployed on different CPU architectures (e.g., x86 vs. MIPS). The variety of CPU architectures imposes many challenges, such as the incomparability of instruction set architectures between the CPU models. We solve this by first translating the binary code to an intermediate representation, resulting in assignment formulas with input and output variables. We then sample concrete inputs to observe the I/O behavior of basic blocks, which grasps their semantics. Finally, we use the I/O behavior to find code parts that behave similarly to the bug signature, effectively revealing code parts that contain the bug. Our prototype currently supports three instruction set architectures (x86, ARM, and MIPS) and can find vulnerabilities in buggy binary code for any of these architectures. We show that we can find Heartbleed vulnerabilities, regardless of the underlying software instruction set. Similarly, we apply our method to find backdoors in closed-source firmware images of MIPS- and ARM-based routers.

Function Hiding Inner Product Encryption

We present a functional encryption scheme for dot products over finite fields that allows a key holder to learn a dot product between two hidden vectors and nothing else. The scheme is proven secure from the SXDH assumption in asymmetric bilinear groups. We view this as a step towards functional encryption schemes appropriate for applications on encrypted databases and relying only on relatively simple computational assumptions. Joint work with Abhishek Jain and Luke Kowalczyk.

Secure partial dynamic reconfiguration of reconfigurable devices

Reconfigurable systems are becoming a key component in dedicated and embedded computing systems, providing a high adaptability to the computation requirements. However, the existing solutions for secure partial dynamic reconfiguration on SRAM based FPGAs impact the reconfiguration process and the available resources. This talk presents an overview on partial dynamic reconfiguration and the security issues related with it. This discussion will take into account the native features of the devices, the existing state of the art, and a novel approach allowing to securely store the configuration bitstreams on external non secure memories.

Security of Signature Schemes under Tampering and Subversion Attacks

Signature schemes are amongst the most basic and fundamental cryptographic primitives. In this talk we survey recent work on models and constructions for signature schemes under memory tampering, randomness tampering, and subversion attacks.

This line of work is inspired by the proliferation of side channel and malware attacks, and by Snowden's recent revelations about NSA surreptitiously sabotaging cryptographic implementations.

Based on joint works with Sebastian Faust, Pratyay Mukherjee, Ivan Damgaard, Giuseppe Ateniese and Bernardo Magri.

Theoretical and Practical Aspects of Threshold Implementation

Threshold Implementation (TI) is a masking method based on secret sharing and multi-party computation. It has been shown that it provides security against higher-order DPA in a rather efficient way. The security of this method is based on the correctness, the non-completeness and the uniformity of the shared function in addition to the uniformity of the input shares. In this talk, we describe these properties and how they can be achieved on certain cryptographic algorithms in detail. Moreover, we discuss the implication of each property on the implementation requirements.
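As an added example (not code from the talk or its authors), the following Python checks the three properties named above, correctness, non-completeness and uniformity, on the textbook 3-share Threshold Implementation of a single AND gate: the sharing is correct and non-complete, but, as is known, not uniform, which is why a uniform shared AND needs a fourth share or fresh randomness.

```python
from itertools import product

# Added example: textbook 3-share Threshold Implementation of a 2-input AND.
# a is shared as (x1, x2, x3) with a = x1 ^ x2 ^ x3, b as (y1, y2, y3).
def ti_and(x, y):
    x1, x2, x3 = x
    y1, y2, y3 = y
    z1 = (x2 & y2) ^ (x2 & y3) ^ (x3 & y2)   # never reads x1 or y1
    z2 = (x3 & y3) ^ (x1 & y3) ^ (x3 & y1)   # never reads x2 or y2
    z3 = (x1 & y1) ^ (x1 & y2) ^ (x2 & y1)   # never reads x3 or y3
    return (z1, z2, z3)

def sharings(v):
    """All 3-share vectors over GF(2) whose XOR equals v."""
    return [s for s in product((0, 1), repeat=3) if s[0] ^ s[1] ^ s[2] == v]

def is_correct(f):
    """Correctness: recombined output shares equal a AND b for every sharing."""
    return all(f(x, y)[0] ^ f(x, y)[1] ^ f(x, y)[2] == (a & b)
               for a, b in product((0, 1), repeat=2)
               for x in sharings(a) for y in sharings(b))

def is_non_complete(f):
    """Non-completeness: each output share ignores >= 1 share of a and of b."""
    allv = list(product((0, 1), repeat=3))
    flip = lambda s, j: tuple(bit ^ (k == j) for k, bit in enumerate(s))
    for i in range(3):
        indep_x = any(all(f(x, y)[i] == f(flip(x, j), y)[i]
                          for x in allv for y in allv) for j in range(3))
        indep_y = any(all(f(x, y)[i] == f(x, flip(y, j))[i]
                          for x in allv for y in allv) for j in range(3))
        if not (indep_x and indep_y):
            return False
    return True

def is_uniform(f):
    """Uniformity: every valid sharing of a AND b occurs equally often."""
    for a, b in product((0, 1), repeat=2):
        counts = {z: 0 for z in sharings(a & b)}   # 16 inputs over 4 outputs
        for x in sharings(a):
            for y in sharings(b):
                z = f(x, y)
                if z not in counts:          # also a correctness violation
                    return False
                counts[z] += 1
        if len(set(counts.values())) != 1:
            return False
    return True
```

Running `is_correct(ti_and)`, `is_non_complete(ti_and)` and `is_uniform(ti_and)` yields True, True and False; the same checks can be applied to any other 3-share component function.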