Enhancing Security of Real-World Systems with a Better Understanding of the Threats

Published 6 September 2016, 5:24
Security is always a battle between attackers and defenders, and understanding the adversaries and their threats is crucial to building secure systems. My thesis research focuses on analyzing, modeling and reasoning about security vulnerabilities and attacks in real systems, and on using the obtained insights to develop defense techniques that provide security protection. This analysis-centric research approach makes two distinct contributions: (1) a demonstration of a systematic approach for analyzing and reasoning about system security, and (2) the design of security defense techniques of high effectiveness and practical relevance. This talk covers my research projects from the past two years. To understand the security threats in the field, I investigated a large number of real-world security vulnerabilities reported in the Bugtraq and CERT databases. The analysis results suggest that a currently uncommon class of attacks, non-control-hijacking attacks, is in fact a realistic threat against real software systems. This threat is underestimated by most current defense techniques, which rely on control flow integrity to defeat security attacks. I have constructed security attacks against several widely used HTTP, FTP, SSH and Telnet servers. All of the attacks obtain root privilege on the servers while preserving their control flow integrity, and thus evade those defense techniques. Non-control-hijacking attacks therefore represent a new challenge that defense research must take seriously. In response to this threat, I designed and implemented both static and runtime defense techniques to enhance software security, based on a common characteristic of security vulnerabilities that we refer to as “pointer taintedness”. A pointer is said to be tainted if its value comes directly or indirectly from user input. Tainted pointers allow the user to arbitrarily specify the target memory address to read, write or transfer control to, which is usually a pathological program behavior that leads to security compromises. I developed a theorem proving technique (with a logic definition of program semantics) to uncover potential security vulnerabilities via source code analysis, and a processor architecture technique for dynamic pointer taintedness detection. Our evaluation shows that the new techniques offer a substantial improvement in security protection for real-world systems.
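As an added illustration of the pointer-taintedness rule described above (this is example code, not code from the talk or its author), the tiny Python register machine below shadows each register and memory cell with a taint bit and flags any load or store whose address register derives from input. The propagation policy, the `bound` instruction that clears taint after a successful range check, and the constructed `copy_with_index` program are assumptions made for this example, not the talk's own design.

```python
from dataclasses import dataclass, field

@dataclass
class TaintMachine:
    """Tiny register machine that shadows every register and memory cell with a
    taint bit: a value is tainted if it derives from user input. The propagation
    rules are a simplified policy assumed for this illustration."""
    regs: dict = field(default_factory=dict)       # register -> int
    taint: dict = field(default_factory=dict)      # register -> bool
    mem: dict = field(default_factory=dict)        # address -> int
    mem_taint: dict = field(default_factory=dict)  # address -> bool
    violations: list = field(default_factory=list)

    def run(self, program):
        for pc, (op, *args) in enumerate(program):
            if op == "input":        # r = byte read from untrusted input (tainted)
                r, val = args
                self.regs[r], self.taint[r] = val, True
            elif op == "const":      # r = program constant (clean)
                r, val = args
                self.regs[r], self.taint[r] = val, False
            elif op == "add":        # r = a + b; tainted if either operand is
                r, a, b = args
                self.regs[r] = self.regs[a] + self.regs[b]
                self.taint[r] = self.taint[a] or self.taint[b]
            elif op == "bound":      # explicit range check clears taint (assumed rule)
                r, limit = args
                if 0 <= self.regs[r] < limit:
                    self.taint[r] = False
            elif op == "store":      # mem[ptr] = v; ptr must not be tainted
                ptr, v = args
                self._check_pointer(pc, op, ptr)
                self.mem[self.regs[ptr]] = self.regs[v]
                self.mem_taint[self.regs[ptr]] = self.taint[v]
            elif op == "load":       # r = mem[ptr]; ptr must not be tainted
                r, ptr = args
                self._check_pointer(pc, op, ptr)
                self.regs[r] = self.mem.get(self.regs[ptr], 0)
                self.taint[r] = self.mem_taint.get(self.regs[ptr], False)
        return self.violations

    def _check_pointer(self, pc, op, ptr):
        if self.taint[ptr]:
            self.violations.append((pc, op, ptr, self.regs[ptr]))

def copy_with_index(index_byte, checked):
    """Constructed program: write one input byte to buf[idx]. idx comes from
    input, so without a range check the computed pointer buf + idx is tainted."""
    prog = [("const", "buf", 0x1000), ("input", "idx", index_byte), ("input", "ch", 0x41)]
    if checked:
        prog.append(("bound", "idx", 64))   # buffer of 64 bytes
    prog += [("add", "p", "buf", "idx"), ("store", "p", "ch")]
    return TaintMachine().run(prog)
```

An out-of-range index fails the `bound` check and stays tainted, so the store is still reported even in the checked variant.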