Systems Hardening

Systems Hardening  

Seminare	2 SWS / 5 ECTS
Veranstalter:	Marius Momeu
Zeit und Ort:	Preliminary Meeting: Friday, 28 January  2022 / 10 h - Onlinekonferenz Link: https://bbb.in.tum.de/mar-mdy-pv3 Access code: 406511
Beginn:

Description

In this seminar we are going to tackle a variety of security issues (in software and hardware) and state-of-the-art mechanisms that mitigate them (via hardening) or detect them (via fuzzing). Essentially, we are going to cover hardware security extensions, such as features that facilitate memory isolation (e.g., Intel VT-x and MPK) , Trusted Execution Environments (TEEs), and others. Specifically, we are going to assess their applicability (e.g., in systems hardening, VMI, live patching, etc.), and discuss their shortcomings on the respective architecture. Using their capabilities, we are aiming at mitigating memory corruption vulnerabilities in the heap/stack, code-reuse attacks (e.g., ROP), data-oriented attacks (e.g., DOP), enclaved execution (via TEE), and more. Furthermore, we will cover fuzzing mechanisms (automated testing) based on coverage guidance, symbolic execution, and hybrid (using both) mechanisms in the context of low-level software (fuzzing OS kernels, hypervisors, etc.). Fuzzing has been in the spotlight for the past years, with ever growing effectiveness in automatically identifying critical bugs in various software. Finally, we are going to address microarchitectural flaws (such as Spectre, Foreshadow, and variants of them), and how software-based memory management adjustments could mitigate them.

Premeeting

• 28.01.2022 (Friday), 10:00: Online preemeting via BBB
  
  • telco:
    • Link: https://bbb.in.tum.de/mar-mdy-pv3
    • Access code: 406511
• slides
• deadline task for matching prioritization: 20th of February (Sunday), EoD
  
  • check slides for the task instructions

Objectives

• Develop scientific writing skills
• Improve public speaking
• Enhance security-technical skills (secure architecture design + prototyping)

Content

The papers proposed in this seminar tackle the following topics:

• Systems hardening via Intel VT-x, MPK, and others
• TEEs: Intel SGX, ARM TrustZone, AMD-SEV
• Fuzzing low-level software (e.g. the Linux kernel, the Xen hypervisor, etc.)
• Software mitigations against Spectre, Foreshadow, and variants
• Heap hardening
• Memory safety via Rust
• Live patching

Capacity

• 16 students

Disclaimer

• you might find CVEs in Linux/Xen/other software
  
• you might get involved in academic research publications
• you might be invited to play CTFs with us

Useful Prerequisites

In this seminar you should expect to touch a broad set of concepts, including but not limited to:

• Operating systems and hypervisor internals
• C, Assembly, Rust programming (x86, ARM, or AMD)
• Intel/ARM/AMD architectures and hardware extensions
• Binary exploitation know-how
• Symbolic execution