Defending Memory Vulnerabilities Latent in Production Software

Speaker:        Dr. Tongping Liu
                University of Texas at San Antonio

Title:          "Defending Memory Vulnerabilities Latent in Production
                 Software"

Date:           Monday, 18 March 2019

Time:           4:00pm - 5:00pm

Venue:          Lecture Theater F (near lift no. 25/26), HKUST

Abstract:

Memory vulnerabilities can be exploited for security attacks such as data
corruption, control-flow hijacking, and information leakage. The recurring
reports of such attacks show both how widespread memory vulnerabilities are
and how few effective systems exist to defend against them in practice.
This talk will present two of our research efforts aiming to defend against
memory vulnerabilities latent in production software.

First, I will present a novel heap allocator--Guarder--that makes
heap-based security attacks harder to carry out. Randomization is the
conventional approach to achieving this. However, existing secure allocators
face two serious issues that prevent their wide adoption: significant
performance overhead, and unstable randomization entropy that varies across
execution phases. Because of the second issue, attackers may breach the
system at its weakest point. Guarder guarantees reliable randomization
entropy and provides an unprecedented level of security by offering all the
security features of existing secure allocators without compromising
performance: its overhead is less than 3% on average compared to
performance-oriented allocators. This project was supported by Mozilla.

Second, I will present an efficient tool--iReplayer--that reports memory
vulnerabilities precisely. The key insight is that it is possible to ensure
that the evidence of a memory vulnerability remains available for later
detection. Therefore, instead of detecting memory vulnerabilities during
the original execution, which may impose prohibitive performance overhead,
the proposed approach invokes detection only when evidence of a
vulnerability is found. More specifically, it performs detection based only
on the evidence found, which avoids significant performance overhead in the
common case where no vulnerability is present and makes the approach
applicable to production environments. iReplayer further unlocks numerous
possibilities in security forensics, failure diagnosis, and online error
remediation.


********************
Biography:

Tongping Liu is an Assistant Professor at the University of Texas at San
Antonio. He received his Ph.D. from the University of Massachusetts
Amherst in 2014. His primary research goal is to practically improve the
security and reliability of software. His work has appeared in the most
prestigious systems and security conferences, such as SOSP, OSDI, USENIX
Security, CCS, and PLDI. He received the 2015 Google Faculty Research
Award and multiple grants from the NSF. More information can be found
at http://www.cs.utsa.edu/~tongpingliu/