Protecting Sensitive Data in Networked Applications

Brad Karp

Head of Networks Research Group, Department of Computer Science, University College London

Thursday, May 12, 2011

Software vulnerabilities persist, and so exploits continue to cause significant damage, particularly by divulging users’ sensitive data to miscreants. These attacks succeed principally because many networked applications are naively structured: they are monolithic, in that they execute all of their code with extensive (and therefore dangerous) privileges, in stark contravention of the widely venerated ideal of least-privilege modularity.

Three factors preserve this dismal status quo. First, today’s operating systems offer isolation primitives ill-suited to least-privilege programming. Second, regardless of the OS primitives available, it is difficult to introduce least-privilege modularity into legacy monolithic applications. And finally, minimizing privilege to protect sensitive data is subtle and heretofore poorly understood—as evidenced by the failure of state-of-the-art secure server designs to do so, particularly when cryptographic protocols are in use.

In this talk, I will describe how to surmount these challenges to protect users’ sensitive data in widely used, real-world networked applications. I’ll first describe Wedge, a set of OS primitives suited to least-privilege hardening of networked applications, coupled with program analysis tools that ease the introduction of least-privilege modularity into complex legacy code. I’ll then describe novel exploit-based attacks that allow an adversary to disclose sensitive data by subverting a cryptographic protocol in use—and how to thwart these attacks through fine-grained application of least-privilege modularity.

Brad Karp is a Reader (in US academic parlance, Associate Professor) in Computer Systems and Networks at the University College London (UCL) Department of Computer Science, where he is Head of the Networks Research Group. His research interests span wireless networks (past work includes the GPSR and CLDP scalable geographic routing protocols; more recent work has focused on increasing the capacity of 802.11 networks under interference using beam-steerable antennas), large-scale distributed systems (past work includes the Open DHT shared public service), and network and computer system security (past work includes the Autograph and Polygraph worm signature generation systems). Prior to taking up his post at UCL in late 2005, Karp held joint appointments at Intel Research and Carnegie Mellon, and as a researcher at ICSI.
