Large-Scale Automated Software Diversity - Programming
Language Technology to Enhance System Security
Speaker: Stefan Bruthaler
University of California, Irvine
April 7, 2015 - 11:00 a.m. to 12:00 p.m.
Location: Jonsson-Rowland Science Center 1C13
Hosted By: Dr. Bulent Yener (x6907)
Security is among the most pressing problems in computing today, with high profile breaches receiving notable media coverage and increasingly also impacting daily life. For example, the Sony breach made the headlines and forced Sony to cancel screenings of their movie "The Interview" in the United States. After talking about the current state of cyber-security, including major incidents and estimated economic damages, I will be analyzing the current software ecosystem and identify the primary culprit: the software monoculture. I will then illustrate return-oriented programming (ROP) and show how software diversity effectively mitigates this attack vector. In addition, I will cover important next steps: adaptive diversification to reduce performance impact and active defenses as a new capability.
Since there are no rules that attackers have to obey, I will then address another attack vector that is particularly worrisome in cloud environments: side channels. Attackers use side channels to infer valuable information, such as encryption keys or passwords. Next, I will present a new diversification technique that prevents side channel attacks. Since software diversity protects against multiple attack vectors, restricting attacker's mobility and thus significantly raising the bar for attackers.
Last updated: April 6, 2015