Large-Scale Automated Software Diversity - Programming Language Technology to Enhance System Security

Speaker: Stefan Brunthaler
University of California, Irvine

April 7, 2015 - 11:00 a.m. to 12:00 p.m.
Location: Jonsson-Rowland Science Center 1C13
Hosted By: Dr. Bulent Yener (x6907)


Security is among the most pressing problems in computing today, with high-profile breaches receiving notable media coverage and increasingly also impacting daily life. For example, the Sony breach made the headlines and forced Sony to cancel screenings of their movie "The Interview" in the United States. After talking about the current state of cyber-security, including major incidents and estimated economic damages, I will analyze the current software ecosystem and identify the primary culprit: the software monoculture. I will then illustrate return-oriented programming (ROP) and show how software diversity effectively mitigates this attack vector. In addition, I will cover important next steps: adaptive diversification to reduce performance impact and active defenses as a new capability. Since there are no rules that attackers have to obey, I will then address another attack vector that is particularly worrisome in cloud environments: side channels. Attackers use side channels to infer valuable information, such as encryption keys or passwords. Next, I will present a new diversification technique that prevents side channel attacks. Software diversity thus protects against multiple attack vectors, restricting attackers' mobility and significantly raising the bar for attackers.


Stefan Brunthaler received his PhD in 2011 from the Vienna University of Technology under the supervision of Prof. Dr. Jens Knoop, and has been working as Postdoctoral Scholar with Prof. Dr. Michael Franz at the Secure Systems and Languages Laboratory at the University of California, Irvine, since April 2011. At the SSL Lab, his primary research interests are in the areas of language-based security (focusing on software diversity and information-flow tracking) and the efficient implementation of dynamically-typed programming languages (focusing on Python and JavaScript). His contributions include new software defenses, such as active defenses and dynamic diversity, as well as many important optimizations, such as performance-neutral defenses and making the Python interpreter up to 5.5x faster.

