Published: Mon 10 April 2017
This was my second AsiaCCS. After an interesting experience
in China last
year, this year's AsiaCCS was in the United
Arab Emirates (UAE) in Abu Dhabi. My program for this conference was quite
packed. Two of my students had presentations, Daniele Midi's nesCheck work and
Scott Carr's selective memory safety work was presented. In addition, I gave an
invited talk about Control-Flow Integrity with detailed metrics and measurements
that we conducted on a large set of open-source mechanisms.
After serving in the program committee, I already knew some of the
interesting papers that will be presented and I'll only highlight a few of them
Software Guard Extension
Detecting Privileged Side-Channel Attacks in Shielded Execution with Déjà Vu.
The paper presents how one can detect AEX (asynchronous enclave exists) through
side channels. Whenever the number of AEX raises past a certain threshold, an
attack is against the SGX container is taking place. The proposed solution
requires a specification of this threshold which may allow the attacker to tune
the attack towards but just below this threshold.
SGX-Log: Securing System Logs With SGX. Log files are targets for attackers as
the initial states of the attack may be shown in those log files and they could
be used for forensic purposes. To protect log files from attackers, this project
moves them into an SGX enclave. The SGX container provides confidentiality and
integrity, protecting the log files against tampering. Enclaves may be
deleted if the attacker gains access on the machine. The solution therefore does
not protect against deleting log files but focuses on tamper resistance. The
enclave can therefore serve as a trusted third party without the need to send
the log data over the network.
The Circle Game: Scalable Private Membership Test Using Trusted Hardware. SGX is
used for a local secure set test. Consumers send hashes to the cloud and the
cloud then checks for matches (e.g., for malware), making sure that no
information leaks about the hashes sent as input.
Strict Virtual Call Integrity Checking for C++ Binaries. This paper is
very similar to the
NDSS MARX paper,
extending the analysis with some form of CFI. The binary analysis reverse
engineers C++ binaries and recovers indirect call sites and class hierarchies.
After recovering this information, the indirect dispatches in the binary are
protected through a type-based lookup similar to VTrust but for binaries. The
results are great: precision is high and overhead is low. This work has been
developed concurrently to MARX.
Memory Safety for Embedded Devices with nesCheck. nesCheck is a
compiler-based approach that enforces a CCured-style type system on top of C
source code for embedded systems. Based on a compiler-based analysis, pointers
are classified as safe (no pointer arithmetic), sequence (only iteration, e.g.,
++ or --), and dynamic (arbitrary pointer arithmetic. Pointers classified as
safe do not need any instrumentation. For sequence and dynamic pointers our
compiler pass adds corresponding instrumentation to protect any accesses. Main
differences to CCured are the port to embedded systems and using a modern
compiler that allows fine-grained optimizations. See the paper for details.
DataShield: Configurable Data Confidentiality and Integrity. DataShield allows the
programmer to specify what data of a program is sensitive. Based on annotations
these sensitive types are protected against memory safety vulnerabilities,
enforcing integrity and confidentiality. All classic data cannot interfere with
the protected data. To support such a system, all data (heap, globals, and
stack) has to be split into safe and unsafe data. The runtime layout of a
DataShield process is separated into safe and classic views with no interaction
between classic and safe. Two case studies protect an SSL library and the SPEC
Visiting the UAE was interesting and I had time to explore both Dubai and Abu
Dhabi. The NYU campus in Abu Dhabi is a modern, open campus and the conference
was well organized. The memory safety and embedded sessions were very
interesting as were the extensive social events which included dinners and a