Enforcing Control-Flow Integrity System-Wide
Thursday, Feb. 1
Trent Jaeger is a Professor in the Computer Science and Engineering Department at The Pennsylvania State University and is renowned in the area of computer systems security. Presented as part of ECE Florida’s Distinguished Speaker Series.
Memory corruption bugs remain the most common source of security vulnerabilities. Researchers have proposed various mitigation mechanisms, such as data execution prevention (DEP), which prohibits execution from writable memory and thereby prevents code injection, and control-flow integrity (CFI), which limits an adversary’s choices when reusing existing code, to prevent adversaries from effectively exploiting vulnerabilities that enable control-flow hijacking. Despite the long history of these mitigations, it remains a challenge to deploy them comprehensively across a software system, including the privileged operating system kernel and all the user-space applications running on top of it, so that the full software stack is protected by these strong defenses. In this talk we explore solutions to the goal of protecting an entire software system with both DEP and CFI, which we call execution integrity. We aim to build execution integrity from the ground up. Specifically, we first propose a lightweight system that enforces DEP for the operating system kernel based on general principles for mediating memory management operations, and implement the idea as a proof-of-concept on the ARM TrustZone architecture. Then, building on the DEP enforcement, we demonstrate a systematic approach to enforcing fine-grained CFI for the operating system kernel both comprehensively (e.g., handling the non-trivial control flows introduced by system events such as page faults) and efficiently (e.g., outperforming comparable coarse-grained CFI implementations). Finally, we present a hardware-assisted operating system mechanism capable of protecting all running, unmodified user-space applications with configurable, strong CFI policies.
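As an added illustration of the coarse-grained versus fine-grained CFI distinction drawn in the abstract (example code, not from the talk or its authors): one indirect call site is checked against either an "any function entry" target set or a per-call-site allow set, showing why the finer policy leaves an adversary fewer usable targets. The function names and the simulated hijacked pointer are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed example: a dispatch table of handlers taking an int. */
typedef int (*handler_t)(int);
typedef void (*entry_t)(void);   /* generic "some function entry" pointer */

int on_read(int x)  { return x + 1; }
int on_write(int x) { return x * 2; }
/* Same signature, but never meant to be reached from the handler call site;
   a corrupted function pointer could point here. */
int privileged_reset(int x) { return -x; }
void log_event(void) { }

/* Coarse-grained policy: every function entry in the binary is a valid
   indirect-call target (the weak policy the abstract contrasts with). */
static const entry_t any_entry[] = {
    (entry_t)on_read, (entry_t)on_write,
    (entry_t)privileged_reset, (entry_t)log_event,
};
/* Fine-grained policy: per-call-site allow set, here only the handlers that
   may legitimately be stored in the dispatch table. */
static const entry_t handler_site[] = { (entry_t)on_read, (entry_t)on_write };

static int in_set(uintptr_t target, const entry_t *set, size_t n) {
    for (size_t i = 0; i < n; i++)
        if ((uintptr_t)set[i] == target) return 1;
    return 0;
}

/* Returns 1 if the indirect call to fp is permitted under the chosen policy. */
int cfi_allows(handler_t fp, int fine_grained) {
    uintptr_t t = (uintptr_t)fp;
    if (fine_grained)
        return in_set(t, handler_site, sizeof handler_site / sizeof handler_site[0]);
    return in_set(t, any_entry, sizeof any_entry / sizeof any_entry[0]);
}

/* Guarded call site: invoke fp only when the policy admits it; otherwise
   refuse and return 0 (a real enforcer would abort the process). */
int guarded_call(handler_t fp, int arg, int fine_grained, int *result) {
    if (!cfi_allows(fp, fine_grained)) return 0;
    *result = fp(arg);
    return 1;
}

/* Simulated states of the table slot: intact, and overwritten by a bug. */
handler_t legit_target(void)    { return on_write; }
handler_t hijacked_target(void) { return privileged_reset; }
```

Under the coarse policy the hijacked slot still passes the check, because the stray target is a legitimate function entry; only the per-site policy rejects it.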
Trent Jaeger is a Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security (SIIS) Lab. Trent’s research interests include operating systems security and the application of programming language techniques to software security. He has published over 100 refereed research papers and is the author of the book “Operating Systems Security,” which examines the principles of design for secure operating systems. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, SELinux, and integrity measurement in Linux. He was Chair of the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) from 2013 to 2017. Trent has chaired several security conferences and workshops, and has been selected as General Chair for NDSS 2019-2020. Trent holds an M.S. and a Ph.D. in Computer Science and Engineering from the University of Michigan, Ann Arbor, and spent nine years at IBM Research prior to joining Penn State.