
Control Flow Integrity based Security

Seminar, 2 SWS / 5.0 ECTS (course description)
Organizer: Paul Muntean
Time and place:

10:00 - 11:30; 01.08.033

Start: 2017-10-16

The lecture is given in English

News

  • We have some free slots for students who want to attend the seminar! If you want to attend, send me an email at: paul@sec.in.tum.de

Dates

  • Kick-off meeting: 04.07.2017 - 10:00 AM in Room 01.08.033

Application Requirements

  • Basic programming skills
  • Write a letter of motivation
  • TUM Online grade transcript (or a list) of all the lectures, seminars, etc. you attended
  • Submission until 11 July by encrypted e-mail to the supervisor, e-mail: paul@sec.in.tum.de
    • One DIN A4 side
    • Why would you like to participate?
    • Which topic would you like to have?

Contents

In this seminar we look at Control Flow Integrity (CFI) based mitigation techniques against code reuse attacks. More specifically, we look at hardware support which can be used to mitigate code reuse attacks and compiler support for CFI techniques which can be used to reduce the attack surface w.r.t. certain code reuse attacks. Finally, possible tool improvements and new CFI based techniques are evaluated and compared against each other.

Required Preliminary Knowledge

Basic C/C++ programming, assembly language and IT security knowledge.

Task

In this seminar, several hot topics in this line of research will be discussed. The goal is to give students an overview of state-of-the-art control flow based security techniques in order to encourage them to explore this exciting research field. Each student will be assigned one research paper. After studying the paper, each student is required to write a short report about it and to give a 30-minute presentation on his/her topic, followed by 15 minutes of discussion.

  • Each student selects one paper from the list below.
  • Each student's report should cover the content of the chosen paper.
  • The presentation should focus on your paper.
  • For the registration, students are required to send the title of their selection to Paul Muntean.
  • The papers will be assigned on a "first-come, first-served" and "interesting point" basis.

Topics

List of seminar papers. Each student selects one research paper. A paper number in bold font (e.g., 1) means that this paper has already been assigned.

| # | Paper | Description |
|---|-------|-------------|
| 1 | Control-Flow Integrity: Precision, Security, and Performance | This improved version of the original CFI |
| 2 | Control-Flow Bending: On the Effectiveness of Control-Flow Integrity | effectiveness of CFI |
| 3 | Execution Integrity with In-Place Encryption | CFI with in-place encryption |
| 4 | DROP THE ROP Fine-grained Control-flow Integrity for the Linux Kernel | CFI for the Linux Kernel |
| 5 | Fine-Grained Control-Flow Integrity for Kernel Software | fine-grained CFI for the Kernel |
| 6 | Counterfeit Object-oriented Programming | Counterfeit object oriented programming attack |
| 7 | ROP is Still Dangerous: Breaking Modern Defenses | CFI based defense for ROP attack |
| 8 | Hacking in Darkness: Return-oriented Programming against Secure Enclaves | ROP for SGX based enclaves |
| 9 | Inferring Fine-grained Control Flow Inside SGX Enclaves with Branch Shadowing | CFI based protection for SGX based enclaves |
| 10 | VTPin: Practical VTable Hijacking Protection for Binaries | vTable protection in program binaries |
| 11 | Protecting C++ Dynamic Dispatch Through VTable Interleaving | Source-code recompile based defense for vTable hijacking attack |
| 12 | Enforcing Forward-Edge Control-Flow Integrity in GCC & LLVM | Source-code recompile based defense for vTable hijacking attack |
| 13 | Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs | Binary rewriting based defense for vTable hijacking attack |
| 14 | A Tough call: Mitigating Advanced Code-Reuse Attacks At The Binary Level | Binary rewriting based defense for vTable hijacking attack |

Seminar Schedule

| Title | Speaker | Date |
|-------|---------|------|
| Kickoff Meeting | Paul M. | 04.07.2017 |
| Prepare the literature research and report outline | all students | 16.10.2017 |
| Introduction of the runtime attacks and defenses | Paul M. | 23.10.2017 |
| Deliver the literature research and report outline | all students | 30.10.2017 |
| 1. tba | tba | 06.11.2017 |
| 2. tba | tba | 06.11.2017 |
| 3. tba | tba | 13.11.2017 |
| 4. tba | tba | 13.11.2017 |
| 5. Execution Integrity with In-Place Encryption | Miguel A.C. Gavino | 20.11.2017 |
| 6. tba | tba | 20.11.2017 |
| 7. ROP is Still Dangerous: Breaking Modern Defenses | N. Schwellnus | 27.11.2017 |
| 8. tba | tba | 27.11.2017 |
| 9. tba | tba | 04.12.2017 |
| 10. Control-Flow Bending: On the Effectiveness of Control-Flow Integrity | F. Rett | 04.12.2017 |
| 11. Fine-Grained Control-Flow Integrity for Kernel Software | C. Roemheld | 11.12.2017 |
| 12. Protecting C++ Dynamic Dispatch Through VTable Interleaving | C. Christandl | 11.12.2017 |
| 13. Towards Automated Integrity Protection of C++ Virtual Function Tables in Binary Programs | T. Wollschlaeger | 18.12.2017 |
| 14. tba | tba | 18.12.2017 |
| End of presentation phase and delivery of the first version report to me (one pdf file/email) | all students | 08.01.2018 |
| Distribution of the review topics; one email; 2 reports/student | all students | 15.01.2018 |
| Delivery of the reviews to me over email, two pdf files. 1. Add comments directly to the pdf file. 2. More than 20 comments per report review are indicated. | all students | 22.01.2018 |
| Return of the reviews to the students (email format, one pdf file) | all students | 29.01.2018 |
| Final report delivery with email format in one pdf file | all students | 05.02.2018 |

Presentation Guidelines

Each student gives a presentation about the assigned paper. The time given for the presentation is 45 minutes, including discussion. We recommend taking 30 minutes for the actual presentation and leaving around 15 minutes for discussion. Presentations should be in the style of conference/workshop talks. A good presentation will:

  • give correct and accurately displayed information about the paper,
  • present all the important points of the paper,
  • contain an explanation that your fellow students can follow, especially of the method used and the results of the paper,
  • initiate a good discussion.

Report Structure and Literature Research Q & A

  • Q: How can I obtain bonus points for my report and presentation?
  • A: For example: add a new discussion section (i.e., you can discuss relevant work), add more related work (note: partition the related work section into subsections), add a new conclusion (i.e., it can also be a high-level conclusion about the original paper), add or expand the future work section with future research directions (i.e., cluster them if needed).
  • Q: Do I have to provide the name of the seminar on all my deliverables?
  • A: Yes, the name of the seminar, your name and your Matr. Nr. have to be provided.
  • Q: Is it enough to only list all the literature we probably need?
  • A: You need to list all references and write one sentence which characterizes that reference. You can have a look for example in the abstract, discussion or conclusion section, etc.
  • Q: What needs to be the content of the report outline or better its structure?
  • A: Basically the structure of the original paper plus your own contributions/sections (e.g., extended related work section, new discussion section, etc.)

Report Guidelines

Avoid making common report writing mistakes: Download the general guidelines

Each report should include an abstract of up to 200 words. It should be no shorter than 10 single-spaced pages and no longer than 15 single-spaced pages with 10pt font size. Students need to hand in a hard copy of the report before the final deadline. Students are strongly encouraged to use the Springer LNCS/LNAI manuscript submission guidelines.

Download the LaTeX template

Students should not aspire to write a long but boring report. A charming report should be clear, compact and easy to follow.

Note that, if a student doesn't submit a report and give a presentation before 08.01.2018, he/she will not pass.

 

Download the PDF version of "How to Write a Seminar Report".

PARAPHRASING AND SUMMARIZING

In report writing, it is necessary to stick more closely to the original and to preserve something of the progression of the argument from the source. The process of reproducing another writer’s text in your own words without attempting to reduce the length of the passage substantially is known as paraphrasing. If you set out to reproduce another writer’s ideas and arguments but at considerably less length and in less detail, then you are summarizing it.

Paraphrasing

The art of paraphrasing consists of re-creating an original text in its entirety using your own words, not those of the author. It can be particularly useful if your reader might have difficulty in following the original text. Here are some tips for you to produce an effective paraphrase:

  • You should, as much as possible, avoid quoting from the original.
  • If the author uses a particularly distinctive word or phrase that you wish to retain, then you should put it in quotation marks.
  • To avoid the pitfall of plagiarism, you can treat a paraphrase as if it were a piece of reported speech (in other words, X says/states/confirms/expresses/reports, etc. that ...)
  • If the passage has an emotional quality, however, you can help to convey this by beginning “X complains/insists/gleefully that ...”. Similarly, if the author is presenting an argument or responding to arguments put forward by someone else, you can register that fact by saying “X argues/admits/counters this argument by suggesting that ...”
  • When you have completed a paraphrase, you should always check it against the original to ensure that you have not omitted anything important.

 

Summarizing


Summarizing is an extremely useful writing skill for a researcher. For instance, you can easily find yourself in the position of having to pare down your text to fit the space available (e.g. due to the page limit of a conference paper). It is also often useful to provide a summary of your argument to wind up a lecture, report, or dissertation. A summary should be between 1/3 and 1/4 of the length of the original. Under these conditions, there is seldom any reason to keep the wording of the original. Here are some tips for you to make an effective summary:

  • Read through the whole passage carefully and make sure that you have understood it.
  • Identify and note down its main points, the essential ideas or pieces of information that the writer wishes to convey to the reader.
  • Check that the order of the main points is the most effective order.
  • It is easier to condense a piece of poor writing than a piece of good writing, because poor writing is often loosely structured and padded out with largely irrelevant material or simple verbiage.
  • To fit a large amount of information into a few succinct words, you may resort to longer and more formal words and more complex grammatical constructions than you might normally use.

Always check your summary for clarity.

Other Resources

 

  • Science Research Writing for Non-Native Speakers of English
  • Cambridge Advanced Grammar in Use
  • How (and How Not) to Write a Good Systems Paper