Systems Hardening

Seminar, 2 SWS / 5 ECTS
Organizer: Marius Momeu
Time and place:

Wed, 14:00 – 16:00 (biweekly), room 01.08.033 or via Zoom (more tba)

Start: 2021-01-14

The lecture is given in English
The slides are available in English
The exam will be in English

Abstract/Description:

Memory corruption vulnerabilities, such as memory buffer overflows or heap mismanagement bugs, are introduced by programming mistakes and can lead to complete system compromise when exploited by malicious adversaries. In the presence of such weaknesses, an attacker usually relies on data-oriented and code-reuse attack strategies at the user-space, kernel-space, and hypervisor-space levels to gain full control of the victim system. Although these topics have been extensively addressed by the security community and processor vendors, emerging processor technologies, such as virtualization techniques, and new processor innovations open novel opportunities for enhancing existing approaches by improving their performance, memory utilization, and security. In this seminar, we are going to focus on low-level software components from two different angles: designing defense mechanisms that prevent successful exploits in the presence of memory corruption vulnerabilities, and addressing automated fuzzing frameworks for preventing memory corruption vulnerabilities.

 

Course Schedule:

  • 13.07.2020, 10:00: Pilot - Preliminary online meeting via BBB [slides]
  • 26.07.2020, 23:59: Deadline for the qualification task (details below)
  • 04.11.2020, 10:00: Episode #0 - 1st seminar meeting
  • 18.11.2020, 10:00: Episode #1 - 2nd seminar meeting
  • ...

 

Qualification Task:

  • goal: write a Linux kernel module to extract the secret flag from the hypervisor running on our server
  • resources: download the exact challenge instructions and resources here

 

Objectives:

  • develop scientific paper writing skills (intermediate draft + final paper)
  • improve presentation skills
  • enhance security-technical skills (designing secure architectures + prototyping)

    

Contents:

  • Intro/Recap: Intel & ARM architectures, virtualization extensions in the context of security, attack topology
  • Memory Isolation, Data-Pointer Integrity, Information Hiding (to prevent Data-Oriented Attacks)
  • Code Isolation, Control-Flow Integrity, Code-Pointer Integrity (to prevent Code-Reuse Attacks)
  • Heap Hardening in User- & Kernel-Space
  • Hypervisor & Kernel Fuzzing
  • Explore new processor technologies in the context of systems hardening
  • All of the above apply to both Intel x86-64 and ARM processor architectures

 

Disclaimer:

  • you might find CVEs in Linux/Xen/KVM
  • you might get involved in academic research publications
  • you might be invited to play CTFs with us

 

Prerequisites:

  • Operating Systems
  • C & Assembly Programming (x86 & ARM)
  • Intel/ARM Architectures and Virtualization Extensions (useful)
  • Binary Exploitation Know-How (useful)

 

Max # of participants:

  • 10 (5 teams x 2)

 

Literature: