[HGI-News-de] Change of time: HGI Colloquium on 12.05.2015 at 11:00: 3 short talks
Newsletter of the Horst Görtz Institute
hgi-news-deutschland at lists.ruhr-uni-bochum.de
Sun May 10 11:13:55 CEST 2015
Dear Sir or Madam,
as part of the HGI Colloquium, organized by the Chair for Network and
Data Security and the Horst Görtz Institute of Ruhr-University
Bochum, Felix Schuster and Jannik Pewny of RUB will speak on Tuesday,
12.05.2015 at *11:00* s.t. in room ID 04/401 on the following
topics:
VC3: Trustworthy Data Analytics in the Cloud using SGX
==========================================
We present VC3, the first system that allows users to run distributed
MapReduce computations in the cloud while keeping their code and data
secret, and ensuring the correctness and completeness of their results.
VC3 runs on unmodified Hadoop, but crucially keeps Hadoop, the operating
system and the hypervisor out of the TCB; thus, confidentiality and
integrity are preserved even if these large components are compromised.
VC3 relies on SGX processors to isolate memory regions on individual
computers, and to deploy new protocols that secure distributed MapReduce
computations. VC3 optionally enforces region self-integrity invariants
for all MapReduce code running within isolated regions, to prevent
attacks due to unsafe memory reads and writes. Experimental results on
common benchmarks show that VC3 performs well compared with unprotected
Hadoop; VC3’s average runtime overhead is negligible for its base
security guarantees, 4.5% with write integrity and 8% with read/write
integrity.
Counterfeit Object-oriented Programming: On the Difficulty of Preventing
Code Reuse Attacks in C++ Applications
==========================================
Code reuse attacks such as return-oriented programming (ROP) have become
prevalent techniques to exploit memory corruption vulnerabilities in
software programs. A variety of corresponding defenses has been
proposed, of which some have already been successfully bypassed—and the
arms race continues.
In this paper, we perform a systematic assessment of recently proposed
CFI solutions and other defenses against code reuse attacks in the
context of C++. We demonstrate that many of these defenses that do not
consider object-oriented C++ semantics precisely can be generically
bypassed in practice. Our novel attack technique, denoted as counterfeit
object-oriented programming (COOP), induces malicious program behavior
by only invoking chains of existing C++ virtual functions in a program
through corresponding existing call sites. COOP is Turing complete in
realistic attack scenarios and we show its viability by developing
sophisticated, real-world exploits for Internet Explorer 10 on Windows
and Firefox 36 on Linux. Moreover, we show that even recently proposed
defenses (CPS, T-VIP, vfGuard, and VTint) that specifically target C++
are vulnerable to COOP. We observe that constructing defenses resilient
to COOP that do not require access to source code seems to be
challenging. We believe that our investigation and results are helpful
contributions to the design and implementation of future defenses
against control-flow hijacking attacks.
Cross-Architecture Bug Search in Binary Executables
==========================================
In this paper, we propose a system to derive bug signatures
for known bugs. We then use these signatures to find bugs in
binaries that have been deployed on different CPU
architectures (e.g., x86 vs. MIPS). The variety of CPU
architectures imposes many challenges, such as the
incomparability of instruction set architectures between
the CPU models. We solve this by first translating the binary
code to an intermediate representation, resulting in
assignment formulas with input and output variables. We then
sample concrete inputs to observe the I/O behavior of basic
blocks, which grasps their semantics. Finally, we use the I/O
behavior to find code parts that behave similarly to the bug
signature, effectively revealing code parts that contain the bug.
Our prototype currently supports three instruction set
architectures (x86, ARM, and MIPS) and can find vulnerabilities
in buggy binary code for any of these architectures. We show
that we can find Heartbleed vulnerabilities, regardless of the
underlying software instruction set. Similarly, we apply our
method to find backdoors in closed-source firmware images of
MIPS- and ARM-based routers.
All students and anyone interested are warmly invited to these and all
other talks of the HGI Colloquium!
Advance registration is not required!
Further information is available on the following web page:
http://hgi.rub.de/hgi/Aktuelles/hgi-seminar/
Kind regards,
Christoph Bader
- --
Dipl.-Math. Christoph Bader
Horst Görtz Institute for IT-Security
Chair for Network and Data Security
Ruhr-University Bochum, Germany
Universitätsstr. 150, ID 2/461
D-44801 Bochum, Germany
http://www.nds.rub.de
Phone: +49 (0) 234 / 32-25030
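The I/O sampling step described in the "Cross-Architecture Bug Search" abstract above, as an added example that is not part of the announcement or of the authors' system: blocks are modelled as lists of assignment formulas, random inputs are sampled, and a candidate block is scored by how many of the signature's I/O behaviours it reproduces. The formulas, register names and the `block_similarity` helper are constructed for illustration.

```python
import itertools
import random

MASK = 0xFFFFFFFF  # model 32-bit registers

def behaviours(formula, arity, samples):
    """All I/O vectors of a formula, one per argument order.
    Register names and operand order are architecture-specific, so a
    formula matches if any ordering of its inputs reproduces the outputs."""
    return {
        tuple(formula(*(s[i] for i in perm)) & MASK for s in samples)
        for perm in itertools.permutations(range(arity))
    }

def block_similarity(signature, candidate, n_samples=64, seed=1):
    """Fraction of the signature's formulas whose sampled I/O behaviour
    also occurs in the candidate block. Agreement on samples is evidence,
    not proof, so a high score only flags a block for manual review."""
    rng = random.Random(seed)
    matched = 0
    for arity, f in signature:
        samples = [tuple(rng.getrandbits(32) for _ in range(arity))
                   for _ in range(n_samples)]
        ref = tuple(f(*s) & MASK for s in samples)
        if any(a == arity and ref in behaviours(g, a, samples)
               for a, g in candidate):
            matched += 1
    return matched / len(signature)

# Constructed blocks as (input count, formula) pairs, standing in for IR output.
SIG_X86 = [  # signature taken from a known-buggy block
    (2, lambda hi, lo: ((hi & 0xFF) << 8) | (lo & 0xFF)),  # length from 2 bytes
    (2, lambda base, n: base + n + 3),                     # end of copy
]
CAND_MIPS_SAME = [  # same semantics, different operand order and operations
    (2, lambda a0, a1: (a0 & 0xFF) + (a1 & 0xFF) * 256),
    (2, lambda v0, a2: (a2 + 3) + v0),
]
CAND_MIPS_OTHER = [  # shares only the length computation
    (2, lambda a0, a1: (a0 & 0xFF) + (a1 & 0xFF) * 256),
    (2, lambda v0, a2: (a2 ^ v0) + 3),
]

if __name__ == "__main__":
    print(block_similarity(SIG_X86, CAND_MIPS_SAME))
    print(block_similarity(SIG_X86, CAND_MIPS_OTHER))
```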