Department of Computer Science Colloquia -- Announcement

NC State University

Department of Computer Science Colloquia 2002-2003

Date:   Tuesday, March 4, 2003
Time:   3:30 PM (Talk)
Place:   136 EGRC, NCSU Centennial Campus

Speaker:   Jun Xu, University of Illinois at Urbana-Champaign

Defeating Security Attacks Through Runtime Mechanisms

Abstract:   When software systems are deployed for critical services, implementation defects often become exploitable security vulnerabilities. Current software engineering practice is not advanced enough for producing bug-free systems. Our study on security databases shows that nearly 60% of all reported vulnerabilities are due to software implementation defects. Given that such defects will continue to exist, we must build mechanisms to mask their malicious effects.

In this talk, I will present several techniques I developed to defeat security attacks that exploit a broad range of vulnerabilities due to implementation defects. The Transparent Runtime Randomization algorithm (TRR) randomly places critical program data regions and breaks an attacker's assumption of memory layout in the target system. TRR modifies the Linux kernel and dynamic program loader to achieve the goal. By changing the GNU C compiler (gcc), the Control Data Randomization algorithm (CDR) randomly encodes critical program data to foil security attacks. Both TRR and CDR incur only small runtime overhead. I also explored the potential of processor-level mechanisms in defeating security attacks. The Secure Return Address Stack (SRAS) enhances an existing architectural facility to defeat stack-based buffer overflow attacks. Finally, I will briefly present the Reliability and Security Processor Engine currently being investigated.

Short Bio:   Jun Xu is a Ph.D. candidate in the Center for Reliable and High-Performance Computing (CRHC) at the University of Illinois at Urbana-Champaign. He is interested in exploring operating system, compiler and architecture mechanisms for security and dependability. He is also interested in evaluation, validation, and measurement-based analysis of dependability and security. Between 96 and 97, he was a software engineer at Apple Computer and developed, arguably, the first customizable Chinese input method. Jun received his B.S. degree from Beijing University in 1996 and his M.S. degree from the University of Pittsburgh in 1998, both in computer science.

Host:   Robert Fornaro and Mladen Vouk, Computer Science, NCSU
