What a great time at the NDSS Symposium in San Diego. While it is always about meeting friends, catching up on projects, discussing new and exciting research and looking for potential collaborations, the HexHive lab also had the pleasure to present a total of four research papers at this conference! While the new location is no longer right at the beach, it has its perks with lots more restaurants nearby and great piers to stroll along.

Our works target the security and safety of core infrastructure such as browsers, hypervisors, and system services. Through a combination of mitigation, sanitization, and fuzzing we increase the resilience of our core systems against attacks.

First, Nicolas presented his PhD work on type++, where we introduce a dialect of C++ that is fully type safe. Type++ validates all cast operations at runtime and ensures that no type confusion is possible. With only 229 lines of code changed, we even protect most of Chromium with negligible performance impact.

Second, Liam presented his work on Dumpling, where we create detailed state snapshots as an oracle to detect misalignment between the V8 interpreter and optimizing compiler. This key insight of slightly modifying the JavaScript engine allows our fuzzer detailed visibility of the internal program state and enabled us to find severe vulnerabilities.

Third, Matteo presented his work on QMsan, where we design an efficient two-tier sanitizer that detects uninitialized memory during fuzzing campaigns. Through binary rewriting, we can check all executed code gaining essential coverage and reducing false positives. To further improve performance, we also greedily reduce instrumentation, only running it on demand.

Fourth, Zheyu presented his work on Truman, where we fuzz virtual devices of hypervisors. By automatically extracting state dependencies, inter-message dependencies, and intra-message dependencies we create precise peripheral models that our fuzzer then uses to thoroughly explore virtual devices.

While all credit goes to the students working tirelessly on these projects, I'm proud of the HexHive family that we achieved such a great and impressive result. Nicolas made great progress towards his PhD that he will defend in about a month, Liam and Julian did an amazing master project with us, Matteo, who was advised by Daniele, did immense progress on his PhD and Zheyu who was a visiting PhD student also just defended his PhD. In addition to the artifact evaluation, we are also extremely proud to receive two distinguished paper awards at NDSS for Type++ and Dumpling. Keep your eyes open for these people as they are out to do great things!

Other articles

Type++: A Type-Safe C++ Dialect

Published: Wed 26 February 2025
By Mathias Payer

In Academia.

tags: mitigation sanitizer type safety NDSS

The C++ language combines a massive potential for raw power with the massive risk of type and memory safety violations. The developer is inherently responsible for securing all executed code and to guarantee type safety and memory safety. We are particularly focused on type safety. In C++, developers can cast …
read more
Dumpling: dumping fine-grained execution state

Published: Wed 26 February 2025
By Mathias Payer

In Academia.

tags: fuzzing javascript NDSS

JavaScript engines face a dilemma: on one end, they need to be extremely efficient as they are processing millions of lines of JavaScript code, dynamically translating complex programs into efficient code. On the other end, the code may be controlled by an attacker that is trying to exploit bugs in …
read more
QMSan: discovering uninitialized memory errors in binaries

Published: Wed 26 February 2025
By Mathias Payer

In Academia.

tags: binary fuzzing sanitizer NDSS

Sanitizers serve as the primary bug detection Oracle during automated testing. They "crash" the program gracefully and tell the fuzzer when and where a bug was triggered. The most well-known sanitizer is ASan or AddressSanitizer which adds redzones around memory objects to detect whenever an access is out-of-bounds. MSan or …
read more
Truman: discovering hypervisor bugs through virtual device models

Published: Wed 26 February 2025
By Mathias Payer

In Academia.

tags: hypervisor fuzzing NDSS

Hypervisors power not just the cloud but are becoming a commodity in mobile phones and desktops as well. They separate virtual machines from each other, enabling strong isolation and security guarantees. In cloud environments, hypervisors separate non-trusting virtual machines and an attacker may try to compromise and gain access to …
read more
Positive reviewing in software security

Published: Sat 07 December 2019
By Mathias Payer

In Academia.

tags: NDSS SEC review

Yesterday we concluded the NDSS20 PC meeting. In total, 12% of papers were accepted, 6% now have a short fuse major revision opportunity, in line with other top tier conferences. The PC chairs handled the meeting well, striving for positivity and feedback for the authors. Overall, this was a great …
read more
Raising the BAR at NDSS 2018

Published: Wed 21 February 2018
By Mathias Payer

In Conferences.

tags: NDSS security

Just like every year, this year's NDSS was mid February in sunny (but not too warm) San Diego. To help cure the minimal 3 hour jetlag, I enjoyed a couple of morning runs with some of my colleagues -- if you want to get a workout done at a security conference …
read more

Other articles

links

social