{"550991":{"#nid":"550991","#data":{"type":"event","title":"PhD Defense by Byoungyoung Lee","body":[{"value":"\u003Cp\u003ETitle:\u0026nbsp;\u003Cstrong\u003EProtecting computer systems through eliminating\u0026nbsp;or analyzing vulnerabilities\u003C\/strong\u003E\u003Cbr \/\u003E \u003Cbr \/\u003E \u003Cstrong\u003EByoungyoung Lee\u003C\/strong\u003E\u003Cbr \/\u003E School of Computer Science\u003Cbr \/\u003E College of Computing\u003Cbr \/\u003E Georgia Institute of Technology\u003Cbr \/\u003E \u003Cbr \/\u003E Date:\u0026nbsp;Thursday, July 14, 2016\u003Cbr \/\u003E Time:\u0026nbsp;2 PM to 4 PM EST\u003Cbr \/\u003E \u003Cstrong\u003ELocation: KACB 3126\u003C\/strong\u003E\u003Cbr \/\u003E \u003Cbr \/\u003E Committee:\u003Cbr \/\u003E ---------------\u003Cbr \/\u003E Dr. Wenke Lee (Co-Advisor, School of Computer Science, Georgia Tech)\u003Cbr \/\u003E Dr. Taesoo Kim (Co-Advisor, School of Computer Science, Georgia Tech)\u003Cbr \/\u003E Dr. William R. Harris (School of Computer Science, Georgia Tech)\u003Cbr \/\u003E Dr. Alex Orso (School of Computer Science, Georgia Tech)\u003Cbr \/\u003E Dr. Weidong Cui (Microsoft Research Redmond)\u003Cbr \/\u003E \u003Cbr \/\u003E Abstract:\u003Cbr \/\u003E ---------------\u003C\/p\u003E\u003Cp\u003EThere have been tremendous efforts to build fully secure computer\u003C\/p\u003E\u003Cp\u003Esystems, but it is not an easy goal.\u0026nbsp; Making a simple mistake\u003C\/p\u003E\u003Cp\u003Eintroduces a vulnerability, which can critically endanger a whole\u003C\/p\u003E\u003Cp\u003Esystem\u0027s security.\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EThis thesis aims at protecting computer systems from\u003C\/p\u003E\u003Cp\u003Evulnerabilities. We take two complementary approaches in achieving\u003C\/p\u003E\u003Cp\u003Ethis goal, eliminating or analyzing vulnerabilities.\u0026nbsp; In the\u003C\/p\u003E\u003Cp\u003Evulnerability elimination approach, we eliminate a certain class\u003C\/p\u003E\u003Cp\u003Eof memory corruption vulnerabilities to completely close attack\u003C\/p\u003E\u003Cp\u003Evectors from such vulnerabilities.\u0026nbsp; In particular, we develop tools\u003C\/p\u003E\u003Cp\u003EDangNull and CaVer, each of which eliminates popular and emerging\u003C\/p\u003E\u003Cp\u003Evulnerabilities, use-after-free and bad-casting, respectively.\u003C\/p\u003E\u003Cp\u003EDangNull relies on the key observation that the root cause of\u003C\/p\u003E\u003Cp\u003Euse-after-free is that pointers are not nullified after the target\u003C\/p\u003E\u003Cp\u003Eobject is freed.\u0026nbsp; Thus, DangNull instruments a program to trace the\u003C\/p\u003E\u003Cp\u003Eobject\u0027s relationships via pointers and automatically nullifies all\u003C\/p\u003E\u003Cp\u003Epointers when the target object is freed.\u0026nbsp; Similarly, CaVer relies\u003C\/p\u003E\u003Cp\u003Eon the key observation that the root cause of bad-casting is that\u003C\/p\u003E\u003Cp\u003Ecasting operations are not properly verified.\u0026nbsp; Thus, CaVer uses a\u003C\/p\u003E\u003Cp\u003Enew runtime type tracing mechanism to overcome the limitation of\u003C\/p\u003E\u003Cp\u003Eexisting approaches, and performs efficient verification on all type\u003C\/p\u003E\u003Cp\u003Ecasting operations dynamically.\u0026nbsp; We have implemented these protection\u003C\/p\u003E\u003Cp\u003Esolutions and successfully applied them to Chrome and Firefox\u003C\/p\u003E\u003Cp\u003Ebrowsers. Our evaluation showed that DangNull and CaVer imposes 29%\u003C\/p\u003E\u003Cp\u003Eand 7.6% benchmark overheads in Chrome, respectively. We have also\u003C\/p\u003E\u003Cp\u003Etested seven use-after-free and five bad-casting exploits in Chrome,\u003C\/p\u003E\u003Cp\u003Eand DangNull and CaVer safely prevented them all.\u003C\/p\u003E\u003Cp\u003E\u0026nbsp;\u003C\/p\u003E\u003Cp\u003EIn the vulnerability analysis approach, we focus on a timing-channel\u003C\/p\u003E\u003Cp\u003Evulnerability which allows an attacker to learn information about\u003C\/p\u003E\u003Cp\u003Eprogram\u0027s sensitive data without causing a program to perform\u003C\/p\u003E\u003Cp\u003Eunsafe operations.\u0026nbsp; It is challenging to test and further confirm\u003C\/p\u003E\u003Cp\u003Ethe timing-channel vulnerability as it typically involves complex\u003C\/p\u003E\u003Cp\u003Ealgorithmic operations.\u0026nbsp; We implemented SideFinder, an assistant tool\u003C\/p\u003E\u003Cp\u003Eidentifying timing-channel vulnerabilities in a hash table. Empowered\u003C\/p\u003E\u003Cp\u003Ewith symbolic execution techniques, SideFinder semi-automatically\u003C\/p\u003E\u003Cp\u003Esynthesizes inputs attacking timing-channels, and thus confirms the\u003C\/p\u003E\u003Cp\u003Evulnerability.\u0026nbsp; Using SideFinder, we analyzed and further synthesized\u003C\/p\u003E\u003Cp\u003Etwo real-world attacks in the Linux kernel, and showed it can break\u003C\/p\u003E\u003Cp\u003Eone important security mechanism, Address Space Layout Randomization\u003C\/p\u003E\u003Cp\u003E \u003C\/p\u003E","summary":null,"format":"limited_html"}],"field_subtitle":"","field_summary":"","field_summary_sentence":[{"value":"Protecting computer systems through eliminating or analyzing vulnerabilities"}],"uid":"27707","created_gmt":"2016-07-06 15:37:13","changed_gmt":"2016-10-08 02:18:15","author":"Tatianna Richardson","boilerplate_text":"","field_publication":"","field_article_url":"","field_event_time":{"event_time_start":"2016-07-14T15:00:00-04:00","event_time_end":"2016-07-14T17:00:00-04:00","event_time_end_last":"2016-07-14T17:00:00-04:00","gmt_time_start":"2016-07-14 19:00:00","gmt_time_end":"2016-07-14 21:00:00","gmt_time_end_last":"2016-07-14 21:00:00","rrule":null,"timezone":"America\/New_York"},"extras":[],"groups":[{"id":"221981","name":"Graduate Studies"}],"categories":[],"keywords":[{"id":"100811","name":"Phd Defense"}],"core_research_areas":[],"news_room_topics":[],"event_categories":[{"id":"1788","name":"Other\/Miscellaneous"}],"invited_audience":[{"id":"78771","name":"Public"}],"affiliations":[],"classification":[],"areas_of_expertise":[],"news_and_recent_appearances":[],"phone":[],"contact":[],"email":[],"slides":[],"orientation":[],"userdata":""}}}