Frank Piessens
(Katholieke Universiteit Leuven, Belgium)hosted by Deepak Garg
"Validating models for microarchitectural security"
( MPI-SWS talk in Kooperation mit dem Fachbereich Informatik)
Microarchitectural security is one of the most challenging and exciting problems in system security today. With thediscovery of transient execution attacks, it has become clear that microarchitectural attacks have significant impact onthe security properties of software running on a processor that runs code from various stakeholders (such as, forinstance, in the cloud). This talk will first provide an overview of the current understanding of microarchitecturalsecurity, with a focus on how the research community has built formal models for processors that support proving thatsoftware is resilient to specific classes of microarchitectural attacks. Next, we turn to the problem of validatingthese proposed formal models: how can we convince ourselves and others that a given formal model is an adequate modelfor a given real-world processor, and that we can justifiably trust the security properties proven based on the model.This is an instance of the more general problem of empirically validating whether a real-world system satisfies theassumptions on which a formal model relies. We will discuss a small case study where we empirically validated a formallyproven security property of a simple processor by systematically attacking the corresponding real-world implementationof the processor. We end with some conclusions and reflections on how our experiences from this case study might help usbuild more adequate formal models.
Bio: Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium.His research field is software and system security, where he focuses on the development of high-assurance techniques todeal with implementation-level software vulnerabilities and bugs, including techniques such as software verification,run-time monitoring, hardware security architectures, type systems and programming language design. He has served on theprogram committee of numerous security and software conferences including ACM CCS, Usenix Security, IEEE Security &Privacy, and ACM POPL. He acted as program chair for the International symposium on Engineering Secure Software andSystems (ESSOS 2014 & 2015), for the International Conference on Principles of Security and Trust (POST 2016) and forthe IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019).
Time: | Wednesday, 15.09.2021, 10:30 |
---|---|
Place: | https://zoom.us/j/99457028566?pwd=bGllck5vS05iYnhtMGVCUzFGS1JqUT09 |
Termin als Datei downloaden und in den Kalender importieren.