Colloquia - Hovav Shacham/University of California, San Diego, "Iago Attacks: Why The System Call API Is a Bad Untrusted RPC Interface", ACES 2.302

Contact Name: 
Jenna Whitney
Mar 5, 2012 11:00am - 12:00pm

There is a sign-up schedule for this event that can be found at

Type o

f Talk: Colloquia

Speaker/Affiliation: Hovav Shacham/University of Cal

ifornia, San Diego

Talk Audience: UTCS Faculty, Graduate Students,

Undergraduate Students and Outside Interested Parties

Date/Time: Monda

y, March 5, 2012, 11:00 am

Location: ACES 2.302

Host: Vitaly S

hmatikov & CIAS

Talk Title: Iago Attacks: Why The System Call API Is a
Bad Untrusted RPC Interface

In recent years, researchers
have proposed systems for running trusted code on an untrusted operating s

ystem. Protection mechanisms deployed by such systems keep a malicious kern

el from directly manipulating a trusted application''s state. Under such sy

stems, the application and kernel are, conceptually, peers, and the sys

tem call API defines an RPC interface between them.

We introduce Iago

attacks, attacks that a malicious kernel can mount in this model. We show

how a carefully chosen sequence of integer return values to Linux system ca

lls can lead a supposedly protected process to act against its interests,

and even to undertake arbitrary computation at the malicious kernel''s behe


Iago attacks are evidence that protecting applications from malici

ous kernels is more difficult than previously realized.

Joint work wit

h Stephen Checkoway.

Hovav Shacham joined UC San Diego‚s Depa

rtment of Computer Science and Engineering in Fall 2007. Shacham received h

is Ph.D. in computer science in 2005 from Stanford University, where he ha

d also earned, in 2000, an A.B. in English. His Ph.D. advisor was Dan Bon

eh. His thesis, "New Paradigms in Signature Schemes" was runner up for the
Stanford Department of Computer Science''s Arthur L. Samuel Thesis Award,
and was nominated for the ACM Doctoral Dissertation Competition. In 2006 a

nd 2007, he was a Koshland Scholars Program postdoctoral fellow at the Wei

zmann Institute of Science, hosted by Moni Naor. At the Weizmann, Shacham
taught a survey on pairings in cryptography, one of the first such course

s to be offered. In 2007, Shacham participated in California Secretary of

State Debra Bowen''s "Top-to-Bottom" of the voting machines certified for u

se in California. He was a member of the team reviewing Hart InterCivic sou

rce code the report he co-authored was cited by the Secretary in her decisi

on to withdraw approval from Hart voting machines.