Software Protection Measures- Inter-process CFI for peer/reciprocal monitoring in RISCV-based binaries

Speaker: Toyosi Oyinloye, PhD Student and VL, Computer Science
Venue: Microsoft Teams
Date: 25/5/2021 13:00 - 14:00

Abstract

Attacks stemming from software vulnerabilities that cause memory corruption often result in control flow hijacks and hold a place of notoriety in software exploitation. Existing defenses offer limited protection due to their specificity to system architecture, operating systems (OS) or hardware requirements and are often circumvented by increasingly sophisticated attack techniques.  This research focuses on the RISCV architecture.  RISCV is fast becoming popular as it is widely used in various forms of embedded devices such as smartphones, tablets, or other Internet of Things.  Studies have revealed different threats that could emerge in an environment that is based on the RISCV architecture and with the pace at which it is gaining popularity, it has become necessary to develop more resilient measures of protections with RISCV in mind.  Steps taken in this project include extensive in-depth literature review on existing defenses against control flow hijacks and memory corruption with the aim of contributing to the need for a secured environment for RISCV binaries.  Reviews have identified a concept based on Control Flow Integrity (CFI) as a promising solution to control flow hijacks via its various forms of deployment.  The innovation in view in this research proposes a possible additional layer of protection in RISCV-based Linux systems with the implementation of CFI that uses scrambled labels and takes log of rogue attempts on vulnerable applications.  This would subsequently be extended into peer/reciprocal monitoring between similar processes on the RISCV platform.

Speaker's Bio

Toyosi Oyinloye is a 2003 graduate of the University of Ilorin, Nigeria, with BSc in Computer Science.  Her career started as a Programmer/Analyst in Software Development and Database Management.  She obtained her MSc (with distinction) in Cyber Security from the University of Chester in 2019 and her dissertation work – Towards Cyber-User Awareness: Design and Evaluation was published in the 19th European Conference on Cyber Warfare and Security (ECCWS), 2020, with an award of special commendation.   Apart from Cyber-User Awareness, Toyosi’s interest for Cyber Security with respect to her background expertise has inspired her further studies in Software Protection Measures.  Her PhD study focuses on Software Protection via Control Flow Integrity (CFI), that is, securing systems by implementing CFI on software processes on various CPU architectures, like Reduced Instruction Set Computer (RISCV), x86, and other CPUs

guest
0 Comments
Inline Feedbacks
View all comments