Seminars & Colloquia

Seyedhamed (Hamed) Ghavamnia

Stony Brook University

"Attack Surface Reduction through Software Debloating"

Monday March 06, 2023 10:00 AM
Location: 3211, EB2 NCSU Centennial Campus
(Visitor parking instructions)


Abstract: Memory safety vulnerabilities continue to be a major source of system compromise. While our efforts at hardening software have been effective, they are not enough. In this talk, I will show how removing unneeded code and features, referred to as debloating, can be used for software hardening. Software debloating is a promising technique for improving security without incurring any additional overhead. The main challenge in this area of work is to perform a sound analysis that does not mistakenly classify code the program requires as unneeded. While previous works have focused on reducing code at the userspace program level, I will show how we can achieve much better security guarantees by reducing the OS kernel features accessible to the program. Since userspace programs mainly leverage system calls to interact with the kernel, we will discuss how identifying and filtering the unneeded system calls of a userspace program allows us to neutralize previously disclosed Linux kernel vulnerabilities.


I will conclude my talk by discussing how we can further reduce the attack surface by gradually transitioning to memory-safe languages.

Short Bio: Seyedhamed Ghavamnia is a sixth-year Ph.D. candidate in Computer Science at Stony Brook University, advised by Michalis Polychronakis. His research interests lie at the intersection of software security and programming languages. During his Ph.D., Seyedhamed has primarily focused on performing attack surface reduction through software debloating. The main challenge in this area of work is to perform a sound analysis that maximizes code and feature removal without breaking the program. He has published research papers in top security conferences, including IEEE Security and Privacy (S&P), the USENIX Security Symposium, and ACM CCS, as well as other prestigious venues such as RAID.

Host: Will Enck, CSC
