Low-Level Software Security
Practical course | 6 SWS / 10 ECTS |
Organizers: | Marius Momeu and Manuel Andreas |
Contact: | Marius Momeu - momeu@sec.in.tum.de / Manuel Andreas - andreas@sec.in.tum.de |
Preliminary meeting: | Thursday, 26.01.2023 / 11.00 h / Room: 01.08.033 |
Start: |
2nd Matching Round
- In order to book your seat in the lab you need to solve a nimble qualification challenge.
- Please follow the instructions in the premeeting slides below.
- The deadline for submitting the solution is 27.03 EOD.
Premeeting
Description
In this practical lab we are going to tackle a variety of memory safety issues in low-level software (such as operating systems, hypervisors, firmware, or libraries) and state-of-the-art mechanisms that either mitigate them via software hardening (CFI/DFI, memory isolation, software debloating, sandboxing) or detect them via software testing (such as static/dynamic analysis, fuzzing, symbolic execution). The proposed topics will be applied in the context of the most popular processor architectures, such as ARM and x86 (Intel and AMD), with a slight focus on IoT devices and cloud server nodes.
Generally, each student team (made of two members) will be assigned at the beginning of the lab a (unique) topic proposal defined by the supervisors. You can also choose to work on a topic proposed by you. Then, throughout the semester you will work on implementing a prototype for the assigned topic and evaluate it in the proposed use cases. Finally, you will write a report about your findings and present them in a final talk at the end of the semester. Our topics will be based on state-of-the-art research in the area of systems hardening and low-level software.
For example, you may have to implement a prototype based on hardware security extensions, such as features that facilitate memory integrity/isolation (e.g., ARM's PAC or MTE, or Intel's VT-x and MPK), which aim to mitigate nefarious memory corruption vulnerabilities (such as heap/stack overflows that lead to the corruption of pointers or sensitive data), e.g. in operating system kernels. Additionally, you may have to implement (parts of) a static analyzer prototype for extracting the CFG of the Linux kernel using the LLVM framework, and leverage it to install CFI or DFI policies that can mitigate code-reuse attacks (e.g., ROP/JOP) or data-oriented attacks (e.g., DOP). Moreover, you may write components of a hypervisor fuzzer and run them to find crashes in popular hypervisors such as Xen or KVM. The catalog of topics will include much more!
Capacity
- 16 students (8 teams)
Qualification Challenge
- Yes! See the premeeting slides above for details.
Useful Prerequisites
In this practical lab you should expect to touch on a broad set of concepts, including but not limited to:
- Operating system and hypervisor internals
- C/C++, Rust, and assembly programming (x86, ARM, or AMD)
- Intel/ARM/AMD architectures and hardware extensions
- Binary exploitation know-how
- Program analysis frameworks (such as LLVM's IR) and software testing