Abstract: Many system software are performance critical, and they are typically implemented in unsafe programming languages that are efficient but prone to security vulnerabilities. Existing approaches to address vulnerable software tend to address some specific harmful effects (e.g., detection based on evidence of an exploit), and thus have limited effectiveness. For example, there have been many unfortunate cases where security holes are again uncovered in the supposed "patched" or protected systems security.
My research aims to eliminate the root cause of vulnerabilities. In this talk, I will present two tools that I have developed, DangNull and Caver. These tools protect a system from well-known as well as emerging memory corruption vulnerabilities including use-after-free and bad-casting. Specifically, DangNull relies on the key observation that the root cause of use-after-free is that pointers are not nullified after the target object is freed. Thus, DangNull instruments a program to trace the object's relationships via pointers and automatically nullifies all pointers when the target object is freed. Similarly, CaVer relies on the key observation that the root cause of bad-casting is that casting operations are not properly verified. Thus, CaVer uses a new runtime type tracing mechanism to overcome the limitation of existing approaches, and performs efficient verification on all type casting operations dynamically. We have implemented these protection solutions and successfully applied them to Chrome and Firefox browsers. Our evaluation showed that DangNull and CaVer imposes 29% and 7.6% benchmark overheads in Chrome, respectively. We have also tested seven use-after-free and five bad-casting exploits in Chrome, and DangNull and CaVer safely prevented them all.
Bio: Byoungyoung Lee is a Ph.D candidate in Computer Science at the Georgia Institute of Technology. His research is in the general area of computer security and privacy. In particular, his focus is in systems security, designing and implementing secure systems through analyzing and eliminating vulnerabilities. His research identified and helped to fix more than 100 security critical vulnerabilities in the major software including the Linux Kernel, Chrome, Firefox, and Safari. He received the Internet Defense Prize by Facebook and USENIX and the best applied security research paper (the 3rd place) by CSAW. His work has been published in top-tier security conferences (Oakland, USENIX Security, CCS, and NDSS) as well as other top-tier computer science conferences (SOSP, KDD, and WWW).