BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//talks.cam.ac.uk//v3//EN
BEGIN:VTIMEZONE
TZID:Europe/London
BEGIN:DAYLIGHT
TZOFFSETFROM:+0000
TZOFFSETTO:+0100
TZNAME:BST
DTSTART:19700329T010000
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0100
TZOFFSETTO:+0000
TZNAME:GMT
DTSTART:19701025T020000
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
CATEGORIES:Computer Laboratory Security Seminar
SUMMARY:Protecting Programs During Resource Retrieval - Pr
 ofessor Trent Jaeger\, CSE Department\, Pennsylvan
 ia State University
DTSTART;TZID=Europe/London:20140429T150000
DTEND;TZID=Europe/London:20140429T160000
UID:TALK51898AThttp://talks.cam.ac.uk
URL:http://talks.cam.ac.uk/talk/index/51898
DESCRIPTION:*Abstract:*\nPrograms must retrieve many system re
 sources to execute properly\, but\nthere are sever
 al classes of vulnerabilities that may befall prog
 rams\nduring resource retrieval.  These vulnerabil
 ities are difficult for\nprogrammers to eliminate 
 because their cause is external to the\nprogram: a
 dversaries may control the inputs used to build na
 mes\,\nnamespaces used to find the target resource
 s\, and the target resources\nthemselves to trick 
 victim programs to retrieve resources of the\nadve
 rsaries' choosing.  In this talk\, I will present 
 a system\nmechanism\, called the Process Firewall\
 , that protects programs from\nvulnerabilities dur
 ing resource retrieval by introspecting into\nrun
 ning programs to enforce context-specific rules.  
 Our key insight\nis that using introspection to pr
 event such vulnerabilities is safe\nbecause we onl
 y aim to protect processes\, relying on access con
 trol to\nconfine malicious processes.  I will show
  that the Process Firewall\ncan prevent many types
  of vulnerabilities during resource retrieval\,\ni
 ncluding those involving race conditions.  I will 
 also show how to\nperform such introspection and e
 nforcement efficiently\, incurring much\nlower ove
 rhead than equivalent program defenses.  Finally\,
  I will\ndescribe a conceptual model that describe
 s the conditions for safe\nresource retrieval\, an
 d outline how to produce enforceable rules from\nt
 hat model.  By following this model\, we find that
  the Process\nFirewall mechanism can prevent many 
 vulnerabilities during resource\nretrieval without
  causing false positives.\n\n*Bio:*\nTrent Jaeger 
 is a Professor in the Computer Science and Enginee
 ring\nDepartment at The Pennsylvania State Univers
 ity and the Co-Director of\nthe Systems and Intern
 et Infrastructure Security Lab.  Trent's\nresearch
  interests include systems security and the applic
 ation of\nprogramming language techniques to impro
 ve security.  He has published\nover 100 refereed
  papers on these topics and the book "Operating\nS
 ystems Security\," which examines the principles b
 ehind secure\noperating systems designs.  Trent ha
 s made a variety of contributions\nto open source 
 systems security\, particularly to the Linux Secur
 ity\nModules framework\, SELinux\, integrity measu
 rement in Linux\, and the\nXen security architectu
 re.  He is currently the Chair of the ACM\nSpecial
  Interest Group on Security\, Audit\, and Control 
 (SIGSAC) and\nProgram Chair of ASIACCS 2014.  Tren
 t has an M.S. and a Ph.D. from the\nUniversity of 
 Michigan\, Ann Arbor in Computer Science and Engin
 eering\nin 1993 and 1997\, respectively\, and spen
 t nine years at IBM Research\nprior to joining Pen
 n State.\n\n\n
LOCATION:Lecture Theatre 2\, Computer Laboratory\, William 
 Gates Building
CONTACT:Laurent Simon
END:VEVENT
END:VCALENDAR
