Control Flow Integrity based Security
Seminar | 2 SWS / 5.0 ECTS (course description) |
Organizer: | Paul Muntean |
Time and place: | 10:00 - 11:30; 01.08.033 |
Start: | 2017-10-16 |
News
- We have some free slots for students who want to attend the seminar! If you want to attend the seminar, send me an email at: paul@sec.in.tum.de
Dates
- Kick-off meeting: 04.07.2017 - 10:00 AM in Room 01.08.033
Application Requirements
- Basic programming skills
- Write a letter of motivation
- TUM Online grade transcript (or a list) of all the lectures, seminars, etc. you attended
- Submit by 11 July via encrypted e-mail to the supervisor: paul@sec.in.tum.de
- One DIN A4 side
- Why would you like to participate?
- Which topic would you like to have?
Contents
Required Preliminary Knowledge
Basic C/C++ programming, Assembly language and IT security knowledge.
Task
In this seminar, several hot topics in this line of research will be discussed. The goal is to give students an overview of state-of-the-art control flow based security techniques in order to encourage them to explore this exciting research field. Each student will be assigned one research paper. After studying the paper, each student is required to write a short report about the paper and give a 30-minute presentation on his/her topic, followed by 15 minutes of discussion.
Topics
List of seminar papers. Each student selects one research paper. A number in bold font (e.g., 1) means that paper was assigned.
# | Paper | Description |
1 | Control-Flow Integrity: Precision, Security, and Performance | Improved version of the original CFI |
2 | Control-Flow Bending: On the Effectiveness of Control-Flow Integrity | Effectiveness of CFI |
3 | Execution Integrity with In-Place Encryption | CFI with in-place encryption |
4 | DROP THE ROP Fine-grained Control-flow Integrity for the Linux Kernel | CFI for the Linux Kernel |
5 | | Fine-grained CFI for the Kernel |
6 | | Counterfeit object oriented programming attack |
7 | ROP is Still Dangerous: Breaking Modern Defenses | CFI based defense for ROP attack |
8 | Hacking in Darkness: Return-oriented Programming against Secure Enclaves | ROP for SGX based enclaves |
9 | Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing | CFI based protection for SGX based enclaves |
10 | | vTable protection in program binaries |
11 | | Source-code recompile based defense for vTable hijacking attack |
12 | Source-code recompile based defense for vTable hijacking attack | |
13 | Towards Automated Integrity Protection of C++ Virtual Function | Binary rewriting based defense for vTable hijacking attack |
14 | A Tough call: Mitigating Advanced Code-Reuse Attacks At The Binary Level | Binary rewriting based defense for vTable hijacking attack |
Seminar Schedule
Title | Speaker | Date |
Kickoff Meeting | Paul M. | 04.07.2017 |
Prepare the literature research and report outline | all students | 16.10.2017 |
Introduction of the runtime attacks and defenses | Paul M. | 23.10.2017 |
Deliver the literature research and report outline | all students | 30.10.2017 |
1. tba; 2. tba | tba; tba | 06.11.2017 |
3. tba; 4. tba | tba; tba | 13.11.2017 |
5. Execution Integrity with In-Place Encryption; 6. tba | Miguel A.C. Gavino; tba | 20.11.2017 |
7. ROP is Still Dangerous: Breaking Modern Defenses; 8. tba | N. Schwellnus; tba | 27.11.2017 |
9. tba; 10. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity | tba; F. Rett | 04.12.2017 |
11. Fine-Grained Control-Flow Integrity for Kernel Software; 12. Protecting C++ Dynamic Dispatch Through VTable Interleaving | C. Roemheld; C. Christandl | 11.12.2017 |
13. Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs; 14. tba | T. Wollschlaeger; tba | 18.12.2017 |
End of presentation phase and delivery of the first version report to me (one pdf file/email) | all students | 08.01.2018 |
Distribution of the review topics; one email; 2 reports/student | all students | 15.01.2018 |
Delivery of the reviews to me over email, two pdf files | all students | 22.01.2018 |
Return of the reviews to the students (email format, one pdf file) | all students | 29.01.2018 |
Final report delivery with email format in one pdf file | all students | 05.02.2018 |
Presentation Guidelines
Each student gives a presentation about the given paper. The time given for the presentation is 45 minutes, including discussion. We recommend taking 30 minutes for the actual presentation and leaving around 15 minutes for discussion. Presentations should be in the style of conference/workshop talks. A good presentation will:
- give correct and accurately displayed information about the paper,
- present all the important points of the paper,
- contain an explanation that your fellow students can understand, especially of the method used and the results of the paper,
- initiate a good discussion.
Report Structure and Literature Research Q & A
- Q: How can I obtain bonus points for my report and presentation?
- A: For example: add a new discussion section (i.e., you can discuss relevant work), add more related work (note: partition the related work section into subsections), add a new conclusion (i.e., it can also be a high-level conclusion about the original paper), add or expand the future work section with future research directions (i.e., cluster them if needed).
- Q: Do I have to provide the name of the seminar on all my deliverables?
- A: Yes, the name of the seminar, your name and your Matr. Nr. have to be provided.
- Q: Is it enough to only list all the literature we probably need?
- A: You need to list all references and write one sentence that characterizes each reference. You can look, for example, in the abstract, discussion or conclusion section, etc.
- Q: What needs to be the content of the report outline or better its structure?
- A: Basically the structure of the original paper plus your own contributions/sections (e.g., extended related work section, new discussion section, etc.)
Report Guidelines
Avoid making common report writing mistakes: Download the general guidelines
Each report should include an abstract of up to 200 words. It should be no shorter than 10 single-spaced pages and no longer than 15 single-spaced pages with 10pt font size. Students need to hand in a hard copy of the report before the final deadline. Students are strongly encouraged to use Springer LNCS/LNAI manuscript submission guidelines.
Students should not aspire to write a long but boring report. A charming report should be clear, compact and easy to follow.
Note that, if a student doesn't submit a report and give a presentation before 08.01.2018, he/she will not pass.
Download the PDF version of "How to Write a Seminar Report".
PARAPHRASING AND SUMMARIZING
Summarizing
Always check your summary for clarity.
Other Resources
- Science Research Writing for Non-Native Speakers of English
- Cambridge Advanced Grammar in Use
- How (and How Not) to Write a Good Systems Paper