Previous month Previous day Next day Next month
By Year By Month By Week Today Search Jump to month

Guest talk: “Large-scale Automated Software Diversity – Programming Language Technology to Enhance System Security”

Download as iCal file
 
Thursday, 26. March 2015, 10:00 - 11:00
Category: Lectures & Presentations | created by This email address is being protected from spambots. You need JavaScript enabled to view it.

Abstract: Security is among the most pressing problems in computing today, with high profile breaches receiving notable media coverage and increasingly also impacting daily life. For example, the Sony breach made the headlines and forced Sony to cancel screenings of their movie “The Interview” in the United States. After talking about the current state of cyber-security, including major incidents and estimated economic damages, I will be analyzing the current software ecosystem and identify the primary culprit: the software monoculture. I will then illustrate return-oriented programming (ROP) and show how software diversity effectively mitigates this attack vector. In addition, I will cover important next steps: adaptive diversification to reduce performance impact and active defenses as a new capability.

Since there are no rules that attackers have to obey, I will then address another attack vector that is particularly worrisome in cloud environments: side channels. Attackers use side channels to infer valuable information, such as encryption keys or passwords. Next, I will present a new diversification technique that prevents side channel attacks. Since software diversity protects against multiple attack vectors, restricting attacker’s mobility and thus significantly raising the bar for attackers.

Location SBA Research gGmbH Wien
Contact Bettina Bauer This email address is being protected from spambots. You need JavaScript enabled to view it.