Retrofitting Security in Complex Software Systems


1st advisor: Holz, 2nd advisor: Schwenk

Despite the fact that runtime attacks on software have been known for about two decades, this class of attack vectors is still one of the major threats in practice today. Such attacks compromise the control flow of a vulnerable application during runtime based on techniques such as stack- or heap-based overflows, uncontrolled format string vulnerabilities, or integer overflows. Many current systems, especially embedded and legacy ones, offer a large attack surface because they still deploy large amounts of native code implemented in unsafe languages such as C. To defend systems against runtime attacks, several countermeasures have been proposed in the past, including for example stack canaries, non-executable memory, address space layout randomization, and control flow integrity. However, most of them only target a specific attack or suffer from practical problems that impede their use in practice. In this dissertation project, methods to retrofit security into complex software systems will be examined and implemented. On the one hand, we want to examine how the security of a given application can be increased if no source code is available (i.e., the application is only available in binary format), a common problem when dealing with embedded or legacy systems. On the other hand, we plan to study how compilers can be extended to include security mechanisms directly into a given program during the compilation phase.

Prof. Thorsten Holz
