Enhancing Security of Real-World Systems with a Better Understanding of the Threats

  • Shuo Chen | University of Illinois

Security is always a battle between attackers and defenders. Understanding the adversaries and threats is a crucial effort in building secure systems. My thesis research focuses on analyzing, modeling and reasoning about security vulnerabilities and attacks in real systems, and on using the insights obtained to develop defense techniques that provide security protection. Such an analysis-centric research approach yields two distinct contributions: (1) a demonstration of a systematic approach for analyzing and reasoning about system security, and (2) the design of security defense techniques of high effectiveness and practical relevance.

This talk draws on my research projects of the past two years. To understand the security threats in the field, I investigated a large number of real-world security vulnerabilities reported in the Bugtraq and CERT databases. The analysis results suggest that a currently uncommon type of attack, namely non-control-hijacking attacks, is in fact a realistic threat against real software systems. This threat is underestimated by most current defense techniques, which rely on control flow integrity to defeat security attacks. I have constructed security attacks against several widely used HTTP, FTP, SSH and Telnet servers. All of these attacks obtain root privilege on the servers while still preserving their control flow integrity, and thus evade those defense techniques. Non-control-hijacking attacks therefore represent a new challenge that defense research must take seriously.

In response to this new threat, I designed and implemented both static and runtime defense techniques to enhance software security, based on a common characteristic of security vulnerabilities that we refer to as “pointer taintedness”. A pointer is said to be tainted if the pointer value comes directly or indirectly from user input. Tainted pointers allow the user to arbitrarily specify the target memory address to read, write or transfer control to; this is usually a pathological program behavior that leads to security compromises. I developed a theorem proving technique (with a logic definition of program semantics) to uncover potential security vulnerabilities via source code analysis, and a processor architecture technique for dynamic pointer taintedness detection. Our evaluation shows that the new techniques offer a substantial improvement in security protection for real-world systems.
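As an added illustration (not code from the talk or its author), the following constructed C model shows the idea behind the dynamic pointer-taintedness check: one shadow taint bit per memory byte, set when user input lands in memory and carried along by loads, with a dereference through a tainted address reported as a violation. It assumes a flat byte-addressed memory, little-endian 32-bit pointers, and a hypothetical layout of an 8-byte input buffer followed by a data pointer field.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed simulation of the taint check, not the talk's processor design:
   a flat memory with one shadow taint bit per byte. */
#define MEM_SIZE 64
static uint8_t mem[MEM_SIZE];
static uint8_t taint[MEM_SIZE];

/* Copy n bytes of (hypothetical) user input into memory; every byte is tainted. */
static void copy_input(uint32_t dst, const uint8_t *src, size_t n) {
    for (size_t i = 0; i < n; i++) { mem[dst + i] = src[i]; taint[dst + i] = 1; }
}

/* Store a program-computed (untainted) 32-bit little-endian pointer value. */
static void store_ptr(uint32_t dst, uint32_t value) {
    for (int i = 0; i < 4; i++) { mem[dst + i] = (value >> (8 * i)) & 0xff; taint[dst + i] = 0; }
}

/* Load a 32-bit pointer; taint propagates: the value is tainted if any byte is. */
static uint32_t load_ptr(uint32_t src, uint8_t *is_tainted) {
    uint32_t value = 0;
    *is_tainted = 0;
    for (int i = 0; i < 4; i++) {
        value |= (uint32_t)mem[src + i] << (8 * i);
        *is_tainted |= taint[src + i];
    }
    return value;
}

/* Hypothetical layout: 8-byte input buffer at 0, pointer field right after it. */
enum { BUF = 0, BUF_LEN = 8, PTR_FIELD = 8, TARGET = 16 };

/* One scenario: copy n input bytes into the buffer (a buggy copy ignores BUF_LEN,
   a bounded copy truncates), then dereference the pointer field.
   Returns 1 if the access passes the taint check, 0 if the detector flags
   a tainted pointer (the non-control-data corruption the talk describes). */
static int scenario(size_t n, int bounded) {
    uint8_t input[12];
    memset(input, 'A', sizeof input);            /* constructed input: 12 bytes of 'A' */
    if (n > sizeof input) n = sizeof input;
    memset(mem, 0, sizeof mem);
    memset(taint, 0, sizeof taint);
    store_ptr(PTR_FIELD, TARGET);                /* legitimate, untainted pointer */
    copy_input(BUF, input, (bounded && n > BUF_LEN) ? BUF_LEN : n);
    uint8_t t;
    uint32_t p = load_ptr(PTR_FIELD, &t);
    if (t) return 0;                             /* tainted address operand: violation */
    return p < MEM_SIZE ? 1 : 0;                 /* untainted: ordinary access proceeds */
}
```

With 12 bytes of input, the unbounded copy overwrites the pointer field with tainted bytes and the dereference is refused, while the bounded copy leaves the pointer untainted and the access proceeds.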

Speaker Details

Shuo Chen is working toward his Ph.D. degree in Computer Science under the guidance of Prof. Ravi Iyer at the University of Illinois at Urbana-Champaign. His research interests include security and fault tolerance, with an emphasis on systems research related to the analysis of real-world security vulnerabilities, security attacks, and the impact of software and hardware faults on security. Several areas of Computer Science and Engineering relate to his dissertation, including trustworthy computing, operating systems, formal methods and programming languages. Besides his research in Illinois, Shuo has held internships at Microsoft Research, Lucent Bell Labs and Avaya Labs. All of the internship projects were in the area of systems and networking.