Midas
Systematic kernel TOCTTOU protection
During a syscall, the kernel might read multiple times a value from userspace. As theses are controlled by the unpriviliged process, it may introduce subtle changes of behavior and possible hard-to-detect attacks, a classic time-of-check-to-time-of-use bug. Midas disable this attack surface by always returning the same values during a given syscall.
BinaryDebugProtection
- Technical
- Research papers
- Source code: Lab GitHub
- Last commit: 2021-12-08
Our research focuses on software and systems security. Despite efforts and improvements in bug discovery techniques, some exploitable vulnerabilities will remain. We target techniques that both enable developers to discover and remove bugs and make programs resilient against the exploitation of unknown or unpatched vulnerabilities.
All prototypes are released as open-source.
- To discover bugs we propose (i) sanitization techniques that enforce a security property such as memory or type safety; given concrete program input, our sanitizers then flag any property violations (ii) fuzzing techniques that leverage static and dynamic analysis to create program inputs to explore program areas that are not yet covered through existing test cases.
- To protect against exploitable vulnerabilities, we focus on control-flow integrity using specific language semantics, enforcing type integrity, and protecting selective data. Under this premise, we focus on compiler-based, runtime-based, and language-based protection mechanisms and security policies that increase the resilience of applications against attacks (in the presence of software vulnerabilities).
All prototypes are released as open-source.
This page was last edited on 2024-04-12.
This page was last edited on 2024-04-12.