She sells root shells by the C(++) shore

Wednesday 30 September 16:30 - 17:00, Red room

Costin Ionescu (Broadcom)



The security industry is well aware of the importance of delivering secure solutions as part of its software offering, given that its applications run with elevated privileges. Sometimes, even with the best intentions and carefully thought-out precautions, blunders still happen.

This highlights the importance of a systemic approach that minimizes the impact of human (or soon AI-overlord) mistakes.

In this paper we'll briefly go over some of the existing approaches for hardening software, from virtualization, containerization and sandboxing to smaller-scale, in-process solutions that combine hardware-assisted features with OS support and/or compiler features, such as secure enclaves (Intel SGX), memory protection extensions (Intel MPX), ASLR in all modern OSes, GNU RELRO in GNU/Linux, Microsoft's Code Flow Guard, and Control-flow Enforcement Technology (CET) Shadow Stack.

We'll also review similar securing efforts used in the browser world (such as Google's NaCl/PNaCl, asm.js, Mozilla's WASM) and discuss the evolution of safety features in modern languages (C++, Rust).

We can then discuss the approach that the security engines team in Symantec (now a division of Broadcom) took a few years back to secure new engine releases. We'll describe how clang/LLVM instrumentation is used to produce hardened binaries which dramatically reduce the risk of remote code execution, denial of service and other attacks, by severely mitigating the impact of bugs such as buffer overflows, unbounded recursion (stack exhaustion) and infinite loops. The hardened binaries are then used as templates for micro in-process VMs (where we designate a portion of the process address space to be used as host for a separate execution unit).

Using some proof-of-concept code, we will demonstrate how this approach handles a few of the typical bugs mentioned above.

 


Costin Ionescu

Costin is a security researcher and security software developer with Symantec - now a division of Broadcom.


