TUM Logo

Systems Hardening

Systems Hardening  

Seminare 2 SWS / 5 ECTS
Veranstalter: Marius Momeu
Zeit und Ort:

Preliminary Meeting: Tuesday, 13 July 2021 at 10.00 h - video conference

Beginn:

The lecture is given in english
The slides are available in english

Description

In this seminar we are going to tackle a variety of security issues (in software and hardware) and state-of-the-art mechanisms that mitigate them (via hardening) or detect them (via fuzzing). Essentially, we are going to cover hardware security extensions, such as features that facilitate memory isolation (e.g., Intel VT-x and MPK) , Trusted Execution Environments (TEEs), and others. Specifically, we are going to assess their applicability (e.g., in systems hardening, VMI, live patching, etc.), and discuss their shortcomings on the respective architecture. Using their capabilities, we are aiming at mitigating memory corruption vulnerabilities in the heap/stack, code-reuse attacks (e.g., ROP), data-oriented attacks (e.g., DOP), enclaved execution (via TEE), and more. Furthermore, we will cover fuzzing mechanisms (automated testing) based on coverage guidance, symbolic execution, and hybrid (using both) mechanisms in the context of low-level software (fuzzing OS kernels, hypervisors, etc.). Fuzzing has been in the spotlight for the past years, with ever growing effectiveness in automatically identifying critical bugs in various software. Finally, we are going to address microarchitectural flaws (such as Spectre, Foreshadow, and variants of them), and how software-based memory management adjustments could mitigate them.

Premeeting

  • slides
  • deadline of the task for matching prioritization: 25th of July (Sunday)
    • check the slides for the task's instructions

Schedule

Objectives

  • Develop scientific writing skills
  • Improve public speaking
  • Enhance security-technical skills (secure architecture design + prototyping)

Content

The papers proposed in this seminar may tackle the following topics:

  • Systems hardening via Intel VT-x, MPK, and other CPU technologies, in the context of OS kernels, unikernels, microkernels, etc.
  • Fuzzing low-level software (e.g., the Linux kernel, the Xen hypervisor, etc.)
  • Static program analysis (especially focusing on large software s.a. the LK)
  • Exploitation against HW extensions (AMD-SEV-*, Intel CET, etc.)
  • Systems hardening via TEEs: Intel SGX, ARM TrustZone, AMD-SEV
  • Software mitigations against Spectre, Foreshadow, and variants
  • Heap hardening
  • Live patching

Capacity

  • 10 students

Disclaimer

  • you might find CVEs in Linux/Xen/other software
  • you might get involved in academic research publications
  • you might be invited to play CTFs with us

Useful Prerequisites

In this seminar you should expect to touch a broad set of concepts, including but not limited to:

  • Operating systems and hypervisor internals
  • C/C++, Assembly (x86, ARM, or AMD), Rust programming, scripting
  • Intel/ARM/AMD architecture and hardware extensions
  • Binary exploitation know-how
  • Static program analysis via LLVM
  • Compiling, linking