FACULTY CANDIDATE - Hovav Shacham Weizmann Inst. of Science Buffer Overflows and Group Signatures: Recent Results in Security and Cryptography ACES 2.302 Thursday March 29 2007 at 11:00 a.m.

Contact Name: Jenna Whitney
Date: Mar 29, 2007 11:00am - 12:00pm

There is a sign up schedule for this event:
http://www.cs.utexas.edu/department/webevent/utcs/events/cgi/list_events.cgi

Type of Talk: Faculty Candidate

Speaker Name/Affiliation: Hovav Shacham, Weizmann Institute of Science

Date/Time: Thursday, March 29, 2007, 11:00 a.m. - Noon

Coffee: 10:45 a.m.

Location: ACES 2.302

Host: Vitaly Shmatikov

Talk Title: Buffer Overflows and Group Signatures: Recent Results in Security and Cryptography

Talk Abstract:
We analyze the effectiveness of two techniques intended to make it harder for attackers to exploit vulnerable programs: W-xor-X and ASLR. W-xor-X marks all writable locations in a process' address space nonexecutable. ASLR randomizes the locations of the stack, heap, and executable code in an address space. Intel recently added hardware to its processors (the XD bit) to ease W-xor-X implementation. Microsoft Windows Vista ships with W-xor-X and ASLR. Linux (via the PaX project) and OpenBSD also include support for both.

We find that both measures are less effective than previously thought, on the x86 at least. A new way of organizing exploits allows the attacker to perform arbitrary computation using only code already present in the attacked process' address space, so code injection is unnecessary. Exploits organized in the new way chain together dozens of short instruction sequences, each just two or three instructions long. Because of the properties of the x86 instruction set, these sequences might not have been intentionally compiled into the binary; we find them by means of static analysis. Furthermore, the effective entropy of PaX ASLR can be searched by brute force. The attack takes just a few minutes to mount over the network.

Group signatures are a variant of digital signatures that provides anonymity for signers. Any member of a group can sign messages, but the resulting signature keeps the identity of the signer secret. In some systems, there is a third party that can undo the signature anonymity (trace) using a special trapdoor. New applications for group signatures include the trusted computing initiative (TCPA) and vehicle safety ad-hoc networks (DSRC). In each case, group signatures provide privacy guarantees for tamper-resistant embedded devices.

We describe a short group signature scheme. Signatures in our scheme are approximately the size of a standard RSA signature with the same security. The mathematical setting for our scheme is certain elliptic curves featuring an efficiently computable bilinear map, a setting that has proved fruitful in recent years. We also consider two choices for handling revocation in our scheme.