310 Larsen Hall
Gainesville, Florida 32611
Trent Jaeger, Professor in the Computer Science and Engineering Department at The Pennsylvania State University
Title: Enforcing Control-Flow Integrity System-Wide
Memory corruption bugs remain the most common source of security vulnerabilities. Researchers have proposed various mitigation mechanisms to prevent adversaries from effectively exploiting vulnerabilities that enable control-flow hijacking, such as data execution prevention (DEP), which prohibits execution of writable memory and so prevents code injection, and control-flow integrity (CFI), which limits an adversary's choices when reusing existing code. Despite the long history of these mitigations, it remains a challenge to deploy them comprehensively across a software system, including the privileged operating system kernel and all the user-space applications running on top of it, so that the full software stack is protected by these strong defenses.

In this talk we explore solutions for protecting an entire software system with both DEP and CFI, a property we call execution integrity. We aim to build execution integrity from the ground up. Specifically, we first propose a lightweight system that enforces DEP for the operating system kernel, based on general principles for mediating memory management operations, and implement the idea as a proof of concept on the ARM TrustZone architecture. Then, building on that DEP enforcement, we demonstrate a systematic approach to enforcing fine-grained CFI for the operating system kernel that is comprehensive (e.g., it handles the non-trivial control flows introduced by system events such as page faults) and efficient (e.g., it outperforms comparable coarse-grained CFI implementations). Finally, we present a hardware-assisted operating system mechanism that is capable of protecting all running, unmodified user-space applications with configurable, strong CFI policies.
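The distinction the abstract draws between coarse-grained and fine-grained CFI can be made concrete with a small model of an instrumented indirect call. The following C program is an added example written for this page; it is not code from the talk or the speaker's projects. The "label table" of allowed targets and their signature classes is constructed by hand here (a real CFI implementation derives those sets from the program's control-flow graph at compile or load time), and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical indirect-call targets. double_it and negate share the
 * "handler" signature; release has a different one. */
typedef int (*handler_fn)(int);
typedef void (*generic_fn)(void);

static int double_it(int x) { return 2 * x; }
static int negate(int x)    { return -x; }
static void release(void)   { /* stands in for a cleanup routine */ }

enum sig_class { SIG_HANDLER = 1, SIG_CLEANUP = 2 };

/* Constructed label table: one entry per legitimate indirect-call target,
 * recording its entry address and the signature class that may reach it. */
struct cfi_entry { generic_fn addr; enum sig_class cls; };

static const struct cfi_entry cfi_table[] = {
    { (generic_fn)double_it, SIG_HANDLER },
    { (generic_fn)negate,    SIG_HANDLER },
    { (generic_fn)release,   SIG_CLEANUP },
};
#define CFI_TABLE_LEN (sizeof cfi_table / sizeof cfi_table[0])

/* Coarse-grained policy: the target must be *some* function entry. This stops
 * transfers into the middle of a function or into data, but a corrupted
 * handler pointer can still reach any function, whatever its type. */
int cfi_coarse_ok(uintptr_t target)
{
    for (size_t i = 0; i < CFI_TABLE_LEN; i++)
        if ((uintptr_t)cfi_table[i].addr == target)
            return 1;
    return 0;
}

/* Fine-grained policy: the target must be a function entry whose signature
 * class matches the call site's pointer type, which shrinks the reachable
 * set to the targets the source program could legitimately call. */
int cfi_fine_ok(uintptr_t target, enum sig_class expected)
{
    for (size_t i = 0; i < CFI_TABLE_LEN; i++)
        if ((uintptr_t)cfi_table[i].addr == target)
            return cfi_table[i].cls == expected;
    return 0;
}

/* Instrumented indirect call: validate, then dispatch. Returns 0 and stores
 * the handler's result in *out on success, or -1 when the call is suppressed
 * because the fine-grained check failed. */
int dispatch_handler(handler_fn fp, int arg, int *out)
{
    if (!cfi_fine_ok((uintptr_t)fp, SIG_HANDLER))
        return -1;
    *out = fp(arg);
    return 0;
}

int main(void)
{
    int out = 0;
    uintptr_t stack_addr = (uintptr_t)&out; /* simulates a corrupted pointer */

    printf("double_it as handler: coarse=%d fine=%d\n",
           cfi_coarse_ok((uintptr_t)double_it),
           cfi_fine_ok((uintptr_t)double_it, SIG_HANDLER));
    printf("release as handler:   coarse=%d fine=%d\n",
           cfi_coarse_ok((uintptr_t)release),
           cfi_fine_ok((uintptr_t)release, SIG_HANDLER));
    printf("stack address:        coarse=%d fine=%d\n",
           cfi_coarse_ok(stack_addr), cfi_fine_ok(stack_addr, SIG_HANDLER));
    printf("dispatch(double_it, 21): rc=%d out=%d\n",
           dispatch_handler(double_it, 21, &out), out);
    printf("dispatch(release, 1):    rc=%d\n",
           dispatch_handler((handler_fn)release, 1, &out));
    return 0;
}
```

The interesting case is `release`: it is a real function entry, so a coarse-grained check accepts it as a handler target, while the fine-grained check rejects it because its signature class does not match the call site. The abstract's kernel work has to make such checks hold even for control transfers the compiler never sees as calls, such as those introduced by page faults and other system events, which is what the system-wide part of the talk addresses.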
Trent Jaeger is a Professor in the Computer Science and Engineering Department at The Pennsylvania State University and the Co-Director of the Systems and Internet Infrastructure Security (SIIS) Lab. Trent's research interests include operating systems security and the application of programming language techniques to software security. He has published over 100 refereed research papers and is the author of the book "Operating Systems Security," which examines the principles of designs for secure operating systems. Trent has made a variety of contributions to open source systems security, particularly to the Linux Security Modules framework, SELinux, and integrity measurement in Linux. He was Chair of the ACM Special Interest Group on Security, Audit, and Control (SIGSAC) from 2013 to 2017. Trent has chaired several security conferences and workshops, and has been selected as General Chair for NDSS 2019-2020. Trent has an M.S. and a Ph.D. from the University of Michigan, Ann Arbor in Computer Science and Engineering, respectively, and spent nine years at IBM Research prior to joining Penn State.