Talks at Dependable Systems Lab

War Games in Memory: Towards Deterministically Secure Software

Dr. Mathias Payer (U.C. Berkeley)
June 5, 2013 in BC410 @ 10:00

Memory corruption (e.g., buffer overflows, random writes, memory allocation bugs, or uncontrolled format strings) is one of the oldest and most exploited problems in computer science. These problems are here to stay as low-level languages like C or C++ continue to trade safety for potential performance. A small set of all proposed solutions (e.g., Address Space Layout Randomization, Data Execution Prevention, and stack canaries) is applied in practice but real exploits show that all currently deployed protections can be defeated.

The problems of current protection mechanisms calls for novel approaches towards software protection that adhere to the three laws of software defenses: low overhead for high security guarantees, no changes to the original source code, and compatibility to existing libraries and binaries (including a partial migration strategy).

We present a deterministic protection scheme that uses both a compiler-based framework to implement precise control-flow integrity and a backup user-space virtualization system (building on binary translation) to support legacy code. Such a system controls the execution of all code in user-space, extracts information from all loaded components, and enforces security guarantees for the executed application code with low overhead. We show possible pitfalls and limitations and discuss future extensions and optimizations.

Bio: Mathias Payer is a security nerd and computer science post-doctoral researcher at UC Berkeley where he is part of Dawn Song’s BitBlaze group. His interests are related to system security, binary exploitation, user-space software-based fault isolation, binary translation/recompilation, and (application) virtualization. Mathias graduated from ETH with a Dr. sc. ETH in May 2012. The topic of his thesis focuses on the protection of low-level applications using binary translation and additional security guards. At UC Berkeley he continues this line of thought and broadens the evaluation of different security techniques and evaluates why individual solutions have failed where other, weaker solutions succeeded.


Experimental Program Analysis

Prof. Andreas Zeller (Saarland University)
January 2, 2012 in BC01 @ 1pm

In the past decade, static validation of software systems has made spectacular progresses. However, these techniques face enormous issues with the advent of multi-site, multi-language, multi-vendor programs such as Web applications, which come with no specifications to rely on. In this talk, I present an experimental approach to software analysis, where we generate executions to systematically explore the space of software behavior – and we use the outcome of these executions to guide the search even further. In contrast to static techniques, experimental techniques are applicable to arbitrary executable programs; in contrast to dynamic techniques, they are not limited to just the observed runs. Eventually, experimental techniques will provide precise specifications to allow for large-scale formal verification.

Bio: Andreas Zeller is a full professor for Software Engineering at Saarland University in Saarbrücken, Germany. His research concerns the analysis of large software systems and their development process; his students are funded by companies like Google, Microsoft, or SAP. In 2010, Zeller was inducted as Fellow of the ACM for his contributions to automated debugging and mining software archives. In 2011, he received an ERC Advanced Grant for work on specification mining and test case generation.


An Overview of Smartphone Security and Challenges

Prof. Aurélien Francillon (EURECOM)
September 30, 2011 in BC04 @ 1pm

Only a few years ago phones were used for calls and texting only. However, they quickly evolved to become are one the main computing and Internet access platform. While smarphones can be seen as just small computers, they differ from general purpose computers due to their architecture and usage model. This talk will cover the current state of research in smartphone security as well as challenges in securing smartphones systems. This will include hardware specificities, software security models and the current “malware ecosystems”. In addition to pointing problems we will sketch a few research challenges in solving those issues.

Bio: Aurélien Francillon is an assistant professor in the networking and security group at EURECOM. Prior to that he obtained a PhD from INRIA and he was a postdoctoral researcher in the System Security Group at ETH Zurich. His main centers of interests are in embedded systems, software and network security.


The Road to Trustworthy Systems

Prof. Gernot Heiser (NICTA)
January 10, 2011 in INM201 @ 11am

Computer systems are routinely deployed in life- and mission-critical situations, yet in most cases their security, safety or dependability cannot be assured to the degree warranted by the application. In other words, trusted computer systems are rarely really trustworthy.

We believe that this is highly unsatisfactory, and have embarked on a large research program aimed at bringing reality in line with expectations. In this talk describes NICTA’s research agenda for achieving true trustworthiness in systems. The first phase has been concluded, with the world’s first formal proof of functional correctness of a complete OS microkernel. The second phase, in progress, aims at making dependability guarantees for complete real-world systems, comprising millions of lines of code.

Bio: Gernot Heiser holds the position of Scientia Professor and John Lions Chair of Operating Systems at the University of New South Wales (UNSW), and leads the Trustworthy Embedded Systems (ERTOS) group at NICTA, Australia’s National Centre of Excellence for ICT Research. He joined NICTA at its creation in 2002, and before that was a full-time member of academic staff at UNSW from 1991. His past work included the Mungi single-address-space operating system, several un-broken records in IPC performance, and the best-ever reported performance for user-level device drivers.

In 2006, Gernot with a number of his students founded Open Kernel Labs, now the market leader in secure operating-systems and virtualization technology for mobile wireless devices. The company’s OKL4 operating system, a descendant of L4 kernels developed by his group at UNSW and NICTA, is deployed in more than a billion mobile phones. This includes the Motorola Evoke, the first (and to date only) mobile phone running a high-level OS (Linux) and a modem stack on the same processor core.

In a former life, Gernot developed semiconductor device simulators and models of device physics for such simulators, and pioneered the use of three-dimensional device simulation for the characterisation and optimisation of high-performance silicon solar cells.


A Sybil-proof Distributed Hash Table

Prof. Frans Kaashoek (MIT)
July 9, 2010 in BC-01 @ 2pm

Distributed Hash Tables (DHTs) are a widely-used building block for large-scale distributed systems. They efficiently route requests over an overlay network to the node responsible for a given key. A long-standing open problem with DHTs is defending against Sybil attack, in which an adversary creates many false identities in order to increase its influence and deny service to honest participants. Defending against this attack is challenging because (1) in an open network, creating many fake identities is inexpensive; (2) an attacker can subvert periodic routing table maintenance to increase its influence over time; and (3) specific keys can be targeted by clustering attacks. As a result, without centralized admission control, existing DHTs cannot provide strong availability guarantees. This talk describes Whānau, a new DHT routing protocol, which is both efficient and strongly resistant to the Sybil attack. Joint work with Chris Lesniewski-Laas.

Bio: M. Frans Kaashoek is a professor in MIT’s EECS department and a member of the Computer Science and Artificial Intelligence Laboratory, where he co-leads the Parallel and Distributed Operating Systems group. He received his PhD (1992) from the Vrije Universiteit Amsterdam for his work on group communication in the Amoeba distributed operating system, under the supervision of A.S. Tanenbaum. Frans’s principal field of interest is designing and building computer systems. In collaboration with students and colleagues, his past contributions include the Exokernel operating system, the Click modular router, the RON overlay, the self-certifying file system, the Chord distributed hash table, and the Asbestos/Flume secure operating system. Frans is a member of the US National Academy of Engineering and the recipient of several awards, including the inaugural ACM SIGOPS Mark Weiser award for demonstrating creativity and innovation in operating systems research.


Dolly: Database Provisioning for the Cloud

Dr. Emmanuel Cecchet (U. Mass. Amherst)
May 31, 2010 in INN-326 @ 3pm

The Cloud is an increasingly popular platform for e-commerce applications that can be scaled on-demand in a very cost effective way. Dynamic provisioning is used to autonomously add capacity in multi-tier cloud-based applications that see workload increases. While many solutions exist to provision tiers with little or no state in applications, the database tier remains problematic for dynamic provisioning due to the need to replicate its large disk state.

In this talk, we analyze the challenges of provisioning shared-nothing replicated databases in the cloud. Spawning a new replica not only involves properly configuring the new database instance but also copying the entire database content and synchronizing it with other replicas. We report on about 20 common replication database administration issues that have been experienced with open source and commercial database software in production environments. We compare three popular database cloning techniques in these environments (database native backup/restore tools, filesystem level copy and virtual machine cloning) and show how these different techniques address database replication administration challenges.

We argue that being able to determine state replication time is crucial for provisioning databases. We propose Dolly, a database provisioning system based on a virtual machine cloning technique to spawn database replicas in the cloud. We propose cost models to adapt the provisioning policy to the cloud infrastructure specifics and application requirements. We present an implementation of Dolly in a commercial-grade replication middleware and evaluate database provisioning strategies for a TPC-W workload on a private cloud and on Amazon EC2. By “black-boxing” the database state, Dolly reduces the complexity and latency to spawn replicas, while avoiding the need for complex data manipulations using traditional spawning support tools. Our performance evaluation shows that Dolly can accurately provision database replicas and yield up to a 20-fold reduction in replica spawning times for multi-GB databases when compared to traditional backup-restore tools, while eliminating the risk of configuration errors.


How Google Tests Software

Dr. James A. Whittaker (Google)
May 25, 2010 in INM-200 @ 5:15pm

Google releases software many times every day. Ever wonder what it takes to test in such an environment? This talk will describe test methodology, tools and innovation surrounding the discipline of quality assurance at Google where testers are far outnumbered by developers. Specifically he will present how the webapp-chrome-chromium stack is tested to ensure that Google apps work well on Chrome browser and Chromium operating system. During the talk he presents how Google treats testing activity much like a hospital triages emergency room patients and how game playing metaphors have inspired the development of next generation test automation tools.

Bio: Dr. Whittaker is currently the Engineering Director over engineering tools and testing for Google’s Seattle and Kirkland offices. He holds a PhD in computer science from the University of Tennessee and is the author or coauthor of four textbooks. How to Break Software, How to Break Software Security (with Hugh Thompson) and How to Break Web Software (with Mike Andrews). His latest is Exploratory Software Testing: Tips, Tricks, Tours and Techniques to Guide Test Design and he’s authored over fifty peer-reviewed papers on software development and computer security. He holds patents on various inventions in software testing and defensive security applications and has attracted millions in funding, sponsorship, and license agreements while a professor at Florida Tech. He has also served as a testing and security consultant for dozens of companies and spent 3 years as an architect at Microsoft.