Low-Level Software Security
Low-Level Software Security
Praktika | 6 SWS / 10 ECTS |
Veranstalter: | Marius Momeu |
Zeit und Ort: | Contact: Marius Momeu - momeu@sec.in.tum.de Preliminary Meeting: Tuesday, 19.07.2022 / 10.00 h / Room: 01.08.033 |
Beginn: |
Premeeting
Description
In this practical lab we are going to tackle a variety of memory safety issues in low-level software (s.a. operating systems, hypervisors, firmware, or libraries) and state-of-the-art mechanisms that either mitigate them via software hardening (CFI/DFI, memory isolation, software debloating, sandboxing) or detect them via software testing (s.a. static/dynamic analysis, fuzzing, symbolic execution). The proposed topics will be applied in the context of the most popular processor architectures, s.a. ARM and x86 (Intel and AMD), with a slight focus on IoT devices and cloud server nodes.
Generally, each student team (made of two members) will get assigned at the beginning of the lab a (unique) topic proposal defined by the supervisors. You can also choose to work on a topic proposed by you. Then, throughout the semester you will work on implementing a prototype for the assigned topic and evaluate it in the proposed use-cases. Finally, you will write a report about your findings and present them in a final talk at the end of the semester. Our topics will be based on state-of-the-art research in the area of systems hardening and low-level software.
For example, you may have to implement a prototype based on hardware security extensions, such as features that facilitate memory integrity/isolation (e.g., ARM's PAC or MTE, or Intel's VT-x and MPK), which aims to mitigate nefarious memory corruption vulnerabilities (s.a. heap/stack overflows that lead to the corruption of pointer or sensitive data), e.g. in operating system kernels. Additionally, you may have to implement (parts of) a static analyzer prototype for extracting the CFG of the Linux kernel using the LLVM framework, and leverage it to install CFI or DFI policies that can mitigate code-reuse attacks (e.g., ROP/JOP) or data-oriented attacks (e.g., DOP). Moreover, you may write components of a hypervisor fuzzer and spawn them to find crashes in popular hypervisors s.a. Xen or KVM. The catalog of topics will include much more!
Capacity
- 16 students (8 teams)
Matching
The following will grant you a higher priority in the matching, however, they are not mandatory:
- attended previous courses at the chair (e.g. BX, RKP, SysHard, IT Sec, etc.)
- submitting a 1-page letter of motivation (details in the preemeting slides above)
- attending the premeeting
Useful Prerequisites
As an optional self-evaluation exercise to check your readiness for this course:
- build the Linux kernel and spawn a Qemu/KVM with the built image
In this practical lab you should expect to touch on a broad set of concepts, including but not limited to:
- Operating system and hypervisor internals
- C/C++, Assembly, Rust programming (x86, ARM, or AMD)
- Intel/ARM/AMD architectures and hardware extensions
- Binary exploitation know-how
- Program analysis frameworks (s.a. LLVM's IR)testing