[HGI-News-de] HGI Colloquium on 12 May 2015: "VC3: Trustworthy Data Analytics in the Cloud using SGX", "On the Difficulty of Preventing Code Reuse Attacks in C++ Applications" and "Cross-Architecture Bug Search in Binary Executables"

Newsletter of the Horst Görtz Institute hgi-news-deutschland at lists.ruhr-uni-bochum.de
Fri May 8 10:12:04 CEST 2015



Dear Ladies and Gentlemen,

As part of the HGI Colloquium, organized by the Chair for Network and
Data Security and the Horst Görtz Institute of Ruhr-Universität
Bochum, Felix Schuster and Jannik Pewny of RUB will speak on Tuesday,
12 May 2015 at 10:00 sharp in room ID 04/401 on the following topics:

VC3: Trustworthy Data Analytics in the Cloud using SGX
==========================================
We present VC3, the first system that allows users to run distributed
MapReduce computations in the cloud while keeping their code and data
secret, and ensuring the correctness and completeness of their results.
VC3 runs on unmodified Hadoop, but crucially keeps Hadoop, the operating
system and the hypervisor out of the TCB; thus, confidentiality and
integrity are preserved even if these large components are compromised.
VC3 relies on SGX processors to isolate memory regions on individual
computers, and to deploy new protocols that secure distributed MapReduce
computations. VC3 optionally enforces region self-integrity invariants
for all MapReduce code running within isolated regions, to prevent
attacks due to unsafe memory reads and writes. Experimental results on
common benchmarks show that VC3 performs well compared with unprotected
Hadoop; VC3’s average runtime overhead is negligible for its base
security guarantees, 4.5% with write integrity and 8% with read/write
integrity.

Counterfeit Object-oriented Programming: On the Difficulty of Preventing
Code Reuse Attacks in C++ Applications
==========================================
Code reuse attacks such as return-oriented programming (ROP) have become
prevalent techniques to exploit memory corruption vulnerabilities in
software programs. A variety of corresponding defenses has been
proposed, of which some have already been successfully bypassed—and the
arms race continues.
In this paper, we perform a systematic assessment of recently proposed
CFI solutions and other defenses against code reuse attacks in the
context of C++. We demonstrate that many of these defenses that do not
consider object-oriented C++ semantics precisely can be generically
bypassed in practice. Our novel attack technique, denoted as counterfeit
object-oriented programming (COOP), induces malicious program behavior
by only invoking chains of existing C++ virtual functions in a program
through corresponding existing call sites. COOP is Turing complete in
realistic attack scenarios and we show its viability by developing
sophisticated, real-world exploits for Internet Explorer 10 on Windows
and Firefox 36 on Linux. Moreover, we show that even recently proposed
defenses (CPS, T-VIP, vfGuard, and VTint) that specifically target C++
are vulnerable to COOP. We observe that constructing defenses resilient
to COOP that do not require access to source code seems to be
challenging. We believe that our investigation and results are helpful
contributions to the design and implementation of future defenses
against control-flow hijacking attacks.
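To make the abstract's central point concrete, the following added example (written for this announcement, not code from the COOP paper or from any of the named defenses) models C++ virtual dispatch with hand-rolled vtables so that the memory layout is well-defined. It contrasts a coarse policy that only checks "does the vptr point at some vtable in the program?" with a precise one that knows the static type expected at the call site. Counterfeit objects that reuse an existing, unrelated vtable pass the first check and reach a function the call site was never meant to invoke; the class names, the "main loop" call site and the simulated overflow are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <vector>

// Hand-rolled object model (not compiler-generated vtables) so that the
// memory layout is well-defined: every object starts with a pointer to its
// class's vtable, and a vtable is a table of function pointers.
struct Object;
typedef void (*VFn)(Object*);
struct VTable { const char* cls; VFn slot0; };
struct Object { const VTable* vptr; int64_t field; };

// Two unrelated classes (constructed) that happen to share virtual slot 0.
static int64_t g_drawn = 0;   // side effect of Widget::draw
static int g_flushed = 0;     // side effect of Logger::flush, the "sensitive" target

static void Widget_draw(Object* o) { g_drawn += o->field; }
static void Logger_flush(Object*) { ++g_flushed; }

static const VTable VT_Widget = {"Widget", Widget_draw};
static const VTable VT_Logger = {"Logger", Logger_flush};

// Coarse policy: passes for any vtable that exists in the program.
static bool coarse_cfi(const Object* o) {
  static const std::set<const VTable*> all_vtables = {&VT_Widget, &VT_Logger};
  return all_vtables.count(o->vptr) != 0;
}

// Precise policy: the call site below statically expects a Widget, so only
// Widget's vtable (or, with a hierarchy, its subclasses) is a legal target.
// Deriving this needs the static type at the call site, i.e. source-level
// information, which is the difficulty the abstract points at.
static bool precise_cfi(const Object* o) { return o->vptr == &VT_Widget; }

// The "main loop" call site: existing code that invokes slot 0 on every
// object in a container. Returns how many dispatches the policy allowed.
static int widget_loop(std::vector<Object>& objs, bool (*policy)(const Object*)) {
  int dispatched = 0;
  for (Object& o : objs) {
    if (!policy(&o)) continue;     // CFI check guarding the indirect call
    o.vptr->slot0(&o);             // indirect call through the vptr
    ++dispatched;
  }
  return dispatched;
}

// Attacker step, simulated: a memory corruption in the buffer holding the
// Widgets lets the attacker write counterfeit objects whose vptr points at
// Logger's existing vtable. No new code and no fake vtable is injected.
static void forge_counterfeit_objects(std::vector<Object>& objs) {
  for (Object& o : objs) { o.vptr = &VT_Logger; o.field = 0; }
}

// Number of times Logger_flush is reached through the Widget loop under a policy.
int flushes_reached(bool (*policy)(const Object*)) {
  g_flushed = 0;
  std::vector<Object> objs = {{&VT_Widget, 1}, {&VT_Widget, 2}};
  forge_counterfeit_objects(objs);
  widget_loop(objs, policy);
  return g_flushed;
}

// Sanity check: legitimate Widgets dispatch normally under either policy.
int legit_dispatches(bool (*policy)(const Object*)) {
  std::vector<Object> objs = {{&VT_Widget, 1}, {&VT_Widget, 2}};
  return widget_loop(objs, policy);
}

int main() {
  std::printf("coarse policy:  %d counterfeit dispatches reached Logger_flush\n",
              flushes_reached(coarse_cfi));
  std::printf("precise policy: %d counterfeit dispatches reached Logger_flush\n",
              flushes_reached(precise_cfi));
  return 0;
}
```

The coarse check models the vtable-validity style of defense the abstract says COOP bypasses: every vptr the attacker writes is a real vtable, so "is this a valid vtable?" is always true. The precise check needs the static type at the call site, which is why the abstract observes that binary-only defenses resilient to COOP are hard to build.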

Cross-Architecture Bug Search in Binary Executables
==========================================
In this paper, we propose a system to derive bug signatures for known
bugs. We then use these signatures to find bugs in binaries that have
been deployed on different CPU architectures (e.g., x86 vs. MIPS). The
variety of CPU architectures imposes many challenges, such as the
incomparability of instruction set architectures between the CPU
models. We solve this by first translating the binary code to an
intermediate representation, resulting in assignment formulas with
input and output variables. We then sample concrete inputs to observe
the I/O behavior of basic blocks, which grasps their semantics.
Finally, we use the I/O behavior to find code parts that behave
similarly to the bug signature, effectively revealing code parts that
contain the bug.
Our prototype currently supports three instruction set architectures
(x86, ARM, and MIPS) and can find vulnerabilities in buggy binary code
for any of these architectures. We show that we can find Heartbleed
vulnerabilities, regardless of the underlying software instruction
set. Similarly, we apply our method to find backdoors in closed-source
firmware images of MIPS- and ARM-based routers.
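The sampling step of the abstract, as an added example that is not the paper's prototype: lifted basic blocks are modelled as functions from an input register vector to an output register vector, a fixed-seed sampler feeds the same concrete inputs to each block, and the resulting sets of (input, output) pairs are compared with a Jaccard score. The three blocks, the register count and the similarity threshold are constructed for illustration; the real system works on IR assignment formulas and must also cope with differing register files, which this sketch omits.

```cpp
#include <cstdint>
#include <cstdio>
#include <random>
#include <set>
#include <utility>
#include <vector>

// A lifted basic block: assignment formulas over input registers produce
// output registers. Modelled here as a function from an input register
// vector to an output register vector.
typedef std::vector<uint64_t> Regs;
typedef Regs (*Block)(const Regs&);
typedef std::set<std::pair<Regs, Regs> > Signature;   // set of (input, output) pairs

// Constructed blocks (assumed, not taken from any real binary). block_a and
// block_b implement the same semantics with different instruction choices,
// as two compilers for two ISAs might (multiply vs. shift, swapped operand
// order); block_c is unrelated code.
Regs block_a(const Regs& in) {         // r0 = r0*2 + r1 ; r1 = r1 ^ r0_old
  uint64_t t = in[0] * 2;
  return Regs{t + in[1], in[1] ^ in[0]};
}
Regs block_b(const Regs& in) {         // r0 = r1 + (r0<<1) ; r1 = r0_old ^ r1
  uint64_t t = in[0] << 1;
  uint64_t saved = in[0];
  return Regs{in[1] + t, saved ^ in[1]};
}
Regs block_c(const Regs& in) {         // r0 = r0 - r1 ; r1 = r0 | r1
  return Regs{in[0] - in[1], in[0] | in[1]};
}

// Sample `samples` concrete inputs from a fixed seed and record the block's
// I/O behaviour. Every block is fed the same inputs, so equal semantics
// yield identical signatures regardless of the instruction sequence.
Signature io_signature(Block b, unsigned seed, int samples) {
  std::mt19937_64 rng(seed);
  Signature sig;
  for (int i = 0; i < samples; ++i) {
    Regs in{rng(), rng()};
    sig.insert(std::make_pair(in, b(in)));
  }
  return sig;
}

// Jaccard similarity of two signatures: 1.0 means identical I/O behaviour
// on every sampled input, 0.0 means no sampled input behaved the same.
double similarity(const Signature& a, const Signature& b) {
  if (a.empty() && b.empty()) return 1.0;
  size_t common = 0;
  for (const auto& p : a) if (b.count(p)) ++common;
  return double(common) / double(a.size() + b.size() - common);
}

// Score a candidate block against the block holding the bug signature.
double score(Block candidate, Block bug_signature_block) {
  const unsigned seed = 1234;   // fixed so results are reproducible
  const int samples = 64;
  return similarity(io_signature(candidate, seed, samples),
                    io_signature(bug_signature_block, seed, samples));
}

int main() {
  std::printf("block_b vs block_a (same semantics, different ISA idiom): %.2f\n",
              score(block_b, block_a));
  std::printf("block_c vs block_a (unrelated code): %.2f\n",
              score(block_c, block_a));
  return 0;
}
```

Because the inputs are shared, a block that merely reorders or re-idioms the same computation scores 1.0, while unrelated code scores close to 0; in the real system the comparison is additionally made robust to register renaming and to blocks with different numbers of inputs, which is where most of the engineering lies.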

All students and other interested parties are cordially invited to
these and all other talks of the HGI Colloquium!
No prior registration is required!

Further information is available on the following website:
http://hgi.rub.de/hgi/Aktuelles/hgi-seminar/

Kind regards,
Christoph Bader

-- 
Dipl.-Math. Christoph Bader

Horst Görtz Institute for IT-Security
Chair for Network and Data Security
Ruhr-University Bochum, Germany

Universitätsstr. 150, ID 2/461
D-44801 Bochum, Germany
http://www.nds.rub.de

Phone: +49 (0) 234 / 32-25030


