[HGI-News-de] HGI-Kolloquium am 16.04..2015: "Software Defenses Inspired by Biodiversity"

Mo Apr 13 13:40:03 CEST 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Sehr geehrte Damen und Herren,

im Rahmen des HGI-Kolloquiums, organisiert vom Lehrstuhl für Netz- und
Datensicherheit und dem Horst-Görtz-Institut der Ruhr-Universität
Bochum, wird Michael Franz von der UC Irvine am Donnerstag, 16.04.2015
um 12 Uhr s.t. in Raum ID 03/463 über folgendes Thema referieren:

"Today's software monoculture creates asymmetric threats. An attacker
needs to find only one way in, while defenders need to guard a lot of
ground. Adversaries can fully debug and perfect their attacks on their
own computers, exactly replicating the environment that they will
later be targeting. Software diversity raises the bar to attackers. A
diversification engine automatically generates a large number of
different versions of the same program, potentially one unique version
for every computer. These all behave in exactly the same way from the
perspective of the end-user, but they implement their functionality in
subtly different ways. As a result, a specific attack will succeed on
only a small fraction of targets and a large number of different
attack vectors would be needed to take over a significant percentage
of them. Because an attacker has no way of knowing a priori which
specific attack will succeed on which specific target, this method
also very significantly increases the cost of attacks directed at
specific targets. We have built such a diversification engine which is
now available as a prototype. We can diversify large software
distributions such as the Firefox and Chromium web browsers or a
complete Linux distribution. Some preliminary insights will be
presented as well as some practical issues, such as the problem of
reporting errors when every binary is unique."

Über den Vortragenden:
Michael Franz is the director of the Secure Systems and Software
Laboratory at the University of California, Irvine (UCI). He is a Full
Professor of Computer Science in UCI's Donald Bren School of
Information and Computer Sciences and a Full Professor of Electrical
Engineering and Computer Science (by courtesy) in UCI's Henry Samueli
School of Engineering. Prof. Franz was an early pioneer in the areas
of mobile code and dynamic compilation. He created an early
just-in-time compilation system, contributed to the theory and
practice of continuous compilation and optimization, and co-invented
the trace compilation technology that eventually became the JavaScript
engine in Mozilla’s Firefox browser. Franz received a Dr. sc. techn.
degree in Computer Science (advisor: Niklaus Wirth) and a Dipl.
Informatik-Ing. ETH degree, both from the Swiss Federal Institute of
Technology, ETH Zurich.

Zu diesem und sämtlichen weiteren Vorträgen des HGI-Kolloquiums sind
alle Studenten und Interessierten herzlich eingeladen!
Eine Voranmeldung ist nicht erforderlich!

Weitere Informationen gibt es auf folgender Webseite:
http://hgi.rub.de/hgi/Aktuelles/hgi-seminar/

Mit freundlichen Grüßen,
Christoph Bader

- -- 
Dipl.-Math. Christoph Bader

Horst Görtz Institute for IT-Security
Chair for Network and Data Security
Ruhr-University Bochum, Germany

Universitätsstr. 150, ID 2/461
D-44801 Bochum, Germany
http:// www.nds.rub.de

Telefon: +49 (0) 234 / 32-25030

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iQEcBAEBAgAGBQJVK6sTAAoJEO79b5R6Hnz5EWAIAKSVRRSKo16cMessyoqZHV/2
0d06yFmWy++hz3G1tcYsp0hlYNuuuuqBgUqw+X08VcoONDrJhb+CI4u6nuv8q3w+
9zCIIz+BkjAq5UZkS3HcJVDQx+s+06nLDgnGQzUyVX7oaVYD1k+UIyPe7PpIvbPv
Se9DBuG0AeB8afhJ0Jea6kMenPkWijGf/rdQKmn78gCe2c996cm1gVZ40xWnxCFb
cH31lriPbCh2h3cCPgfuEx2+6KNs9rtO9SWQ/wgTQPSO8JHpuisR9sd4yeEQNg80
uF6Vt+iqDkzXiwtX186N0nYE+xoabcFjd+OVHlGw8j9qgdV7TB5uRCHiNi5H4eY=
=9JRL
-----END PGP SIGNATURE-----