Mar 10, 2017
Lopata Hall, Room 101
Defeating Advanced Memory-Error Exploits by Preventing Information Leaks
School of Computer Science
Georgia Institute of Technology
Widely used systems such as operating systems (OS) are implemented in unsafe programming languages for efficiency. Hence, these foundational systems inherently suffer from a variety of memory errors, and the exploitation of memory errors has become a critical attack vector. The past several years have continuously witnessed critical attacks targeting systems belonging to individuals, enterprises, and government agencies. Two typical goals of these attacks are to leak sensitive data and to control victim systems.
In this talk, I will first present that since modern systems widely deploy memory-layout randomization techniques, leaking a randomized code pointer has become a prerequisite for advanced control attacks such as code-reuse attacks. Therefore, preventing information leaks can be a general defense that not only stops data leaks but also defeats control attacks. Then, I will present two systems I developed, UniSan and ASLR-Guard. Specifically, UniSan completely eliminates information leaks caused by reading uninitialized variables (the most common cause) in OS kernels, which has triggered extensive discussions in the Linux and GCC development communities, and resulted in many updates in the Linux kernel, the Android kernel, and the GCC compiler. Similarly, to defeat code-reuse attacks, which always require leaking a code pointer in modern systems, ASLR-Guard either prevents code-pointer leaks or renders the leaks useless in deriving the value of code pointers. While automatically and reliably securing complex systems such as OS kernels and web servers, both UniSan and ASLR-Guard impose negligible performance overhead.
Kangjie Lu is a Ph.D. candidate in Computer Science at the Georgia Institute of Technology. His research interests include security and privacy, programming languages, and operating systems. He is particularly interested in automatically uncovering and addressing fundamental security problems, and securing widely used systems while preserving their reliability and efficiency. In addition to papers published in top-tier security conferences (CCS, NDSS, and USENIX Security), his research has resulted in many important updates in the Linux kernel, the Android OS, and Apple's iOS. During his Ph.D. study, he worked as an intern at NEC Labs America and Samsung Research America, and as a visiting scholar at the Max Planck Institute for Software Systems (MPI-SWS).