Faculty Recruitment - Andrea Bittau, "Practical and Principled Security"

Contact Name: 
Katie Dahm
Location: 
GDC 2.216
Date: 
Apr 15, 2014 11:00am - 12:00pm

Signup Schedule: http://apps.cs.utexas.edu/talkschedules/cgi/list_events.cgi

Talk Audience: UTCS Faculty, Grads, Undergrads, Other Interested Parties

Host: Emmett Witchel

Talk Abstract: Most deployed defenses in software security are point solutions to specific attacks, leading to an arms race. Unfortunately many principled solutions remain undeployed partly due to complexity, but possibly also because of the false sense of security people perceive from point solutions. So are deployed solutions really good enough in practice? If not, how can we make principled solutions more practical and deployable?

Modern deployed protection mechanisms can in fact be defeated, as we show with our new Blind Return Oriented Programming (BROP) attack. Using BROP we exploited a recent vulnerability in the nginx web server, running on 64-bit Linux with ASLR, NX and canaries enabled. BROP also shows that hackers can sometimes exploit proprietary services for which the source and binary are unknown.

While there are established security principles that could have prevented BROP, unfortunately they are not deployed. For example, privilege separation suggests to split high-privilege applications into multiple lesser-privilege components. How to achieve this ideal in practice is not obvious: how do we split existing code, and how do we make the resulting decomposed system run fast? I'll briefly present Wedge, a privilege separation system that helps splitting existing code, and then focus on Dune, a generic platform that makes principled security practical: Dune leverages modern CPU hardware to make systems like Wedge run fast. Dune enables practical performance improvements in a range of applications beyond security, as well.

Speaker Bio: Andrea Bittau is a research associate at Stanford's Secure Computer Systems group. Some of his recent work includes: BROP, a technique for attacking proprietary services without either binary or source-code knowledge tcpcrypt, a TCP option for opportunistic encryption and Dune, a system that lets applications have direct access to privileged CPU features (page tables, ring protections) in a safe manner. Andrea holds a BSc and PhD in computer science from University College London.