Skip to main content

Secure Hardware-Software Architectures for Robust Computing Systems

Deliverables

Final implementation of the SHARCS hardware techniques

This document reports the implementation details of the selected hardware architectures used in the applications described in WP5.

Dissemination report, year 2

Updated dissemination report for the activities that took place in the second year of the SHARCS project.

Design specification of the SHARCS hardware techniques

This document reports a design specification for all hardware techniques, which will be used in the applications described in WP5.

Dissemination report, year 3

Final dissemination report for the activities of the SHARCS project.

Final implementation of the SHARCS runtime system, software tools and reporting

This document reports the implementation details of the selected software technologies (applied in the language, compiler, runtime and reporting) used in the applications described in WP5.

Recommendations report for security-by-design

The document containing the attack scenarios and how SHARCS technologies can be used to eliminate the possibility of such attacks, along with a list of recommendations for the relevant stakeholders.

Applications and framework requirements for secure-by-design systems

This document will define the requirements of the SHARCS framework. Specifically, what are the features of a secure-by-design system and how the layers of a computing system must be augmented to provide end-to-end security.

Design specification of the SHARCS runtime system, software tools and reporting

This document reports a design specification for all software technologies (applied in the language, compiler, runtime and reporting) which will be used in the applications described in WP5.

Dissemination report, year 1

This document will clearly define the dissemination objectives for the SHARCS project as well as to determine the dissemination channels and activities required to achieve these objectives. It will report on the activities performed, like press releases, presentations given, papers published, articles in popular media, etc. Each year we will report on the progress of the dissemination activities and the targets for the following year.

Requirements of the SHARCS runtime system, software tools and reporting

This document reports possible software technologies aligned with the application requirements, as analyzed in WP2.

SHARCS System architectures and requirements

This document reports possible architectures aligned with the application requirements, as analyzed in WP2. It will also report on the progress of the secure processor, secure memory and secure communication components.

Specification and guidelines for security-by-design

A technical document describing how other applications can take advantage of the SHARCS framework.

Website and collaboration tools

The website will be the main channel through which the general public will gain access to SHARCS results, publications, news and new tools developed in the context of this project. Therefore we plan to make this deliverable available as early as M2, and to regularly update it throughout the project until M36. It will fulfill three di↵erent roles: 1. It will deliver the general information about the project: participants, objectives, status reports and acknowledge EC contribution. 2. It will deliver end-user-oriented output in a friendly, helpful and e↵ective way. The website, along with various means of spreading information on the web, will be the main channel through which the general public will gain access to SHARCS results. 3. Finally, the website will be a complete repository of all the information the project has delivered (e.g., software, public deliverables and demonstrators). As with all our other projects, we will maintain the website beyond the life of the project. For better dissemination of the information, we will also take advantage of social media such as Twitter and Facebook, as a way to aggregate and reach out to our constituency. Complementary to the website, we will employ mailing lists for communication within the consortium and with our EAB. For collaboration, we will be using SVN to maintain all the important documents and all tools developed by the consortium members.

Publications

Secure key-exchange protocol for implants using heartbeats

Author(s): Robert M. Seepers, Jos H. Weber, Zekeriya Erkin, Ioannis Sourdis, Christos Strydis
Published in: Proceedings of the ACM International Conference on Computing Frontiers - CF '16, 2016, Page(s) 119-126
DOI: 10.1145/2903150.2903165

On Using a Von Neumann Extractor in Heart-Beat-Based Security

Author(s): Robert Mark Seepers, Christos Strydis, Ioannis Sourdis, Chris Innocentius De Zeeuw
Published in: 2015 IEEE Trustcom/BigDataSE/ISPA, 2015, Page(s) 491-498
DOI: 10.1109/Trustcom.2015.411

Towards Automated Discovery of Crash-Resistant Primitives in Binary Executables

Author(s): Benjamin Kollenda, Enes Goktas, Tim Blazytko, Philipp Koppe, Robert Gawlik, R. K. Konoth, Cristiano Giuffrida, Herbert Bos, Thorsten Holz
Published in: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017, Page(s) 189-200
DOI: 10.1109/DSN.2017.58

The Dynamics of Innocent Flesh on the Bone - Code Reuse Ten Years Later

Author(s): Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrdia
Published in: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17, 2017, Page(s) 1675-1689
DOI: 10.1145/3133956.3134026

Secure Page Fusion with VUsion - https://www.vusec.net/projects/VUsion

Author(s): Marco Oliverio, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 26th Symposium on Operating Systems Principles - SOSP '17, 2017, Page(s) 531-545
DOI: 10.1145/3132747.3132781

RevAnC - A Framework for Reverse Engineering Hardware Page Table Caches

Author(s): Stephan van Schaik, Kaveh Razavi, Ben Gras, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 10th European Workshop on Systems Security - EuroSec'17, 2017, Page(s) 1-6
DOI: 10.1145/3065913.3065918

Fast and Generic Metadata Management with Mid-Fat Pointers

Author(s): Taddeus Kroes, Koen Koning, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe
Published in: Proceedings of the 10th European Workshop on Systems Security - EuroSec'17, 2017, Page(s) 1-6
DOI: 10.1145/3065913.3065920

CodeArmor: Virtualizing the Code Space to Counter Disclosure Attacks

Author(s): Xi Chen, Herbert Bos, Cristiano Giuffrida
Published in: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), 2017, Page(s) 514-529
DOI: 10.1109/EuroSP.2017.17

DangSan - Scalable Use-after-free Detection

Author(s): Erik van der Kouwe, Vinod Nigade, Cristiano Giuffrida
Published in: Proceedings of the Twelfth European Conference on Computer Systems - EuroSys '17, 2017, Page(s) 405-419
DOI: 10.1145/3064176.3064211

No Need to Hide - Protecting Safe Regions on Commodity Hardware

Author(s): Koen Koning, Xi Chen, Herbert Bos, Cristiano Giuffrida, Elias Athanasopoulos
Published in: Proceedings of the Twelfth European Conference on Computer Systems - EuroSys '17, 2017, Page(s) 437-452
DOI: 10.1145/3064176.3064217

ASLR on the Line: Practical Cache Attacks on the MMU

Author(s): Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Box, Cristiano Giuffrida
Published in: NDSS Symposium 2017, 2017

SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities

Author(s): A. Milburn, H. Bos, C. Giuffrida
Published in: NDSS Symposium 2017, 2017

VUzzer: Application-aware Evolutionary Fuzzing

Author(s): S. Rawat, V. Jain, A. Kumar, L. Cojocar, C. Giuffrida, H. Bos
Published in: NDSS 2017, 2017

MARX: Uncovering Class Hierarchies in C++ Programs

Author(s): Pawlowski, M. Contag, V. van der Veen, C. Ouwehand, T. Holz, H. Bos, E. Athanasopoulos, C. Giuffrida
Published in: NDSS Symposium 2017, 2017

A NEaT Design for Reliable and Scalable Network Stacks

Author(s): Tomas Hruby, Cristiano Giuffrida, Lionel Sambuc, Herbert Bos, Andrew S. Tanenbaum
Published in: Proceedings of the 12th International on Conference on emerging Networking EXperiments and Technologies - CoNEXT '16, 2016, Page(s) 359-373
DOI: 10.1145/2999572.2999579

VTPin - practical VTable hijacking protection for binaries

Author(s): Pawel Sarbinowski, Vasileios P. Kemerlis, Cristiano Giuffrida, Elias Athanasopoulos
Published in: Proceedings of the 32nd Annual Conference on Computer Security Applications - ACSAC '16, 2016, Page(s) 448-459
DOI: 10.1145/2991079.2991121

Bypassing clang’s SafeStack for Fun and Profit.

Author(s): Enes Göktaş, Angelos Economopoulos, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, Herbert Bos
Published in: Black Hat Europe, 2016, 2016

Flip Feng Shui Rowhammering the VM’s Isolation

Author(s): K. Razavi, B. Gras, E. Bosman, B. Preneel, C. Giuffrida, H. Bos
Published in: Black Hat Europe 2016, 2016

Peeking into the Past: Efficient Checkpoint-Assisted Time-Traveling Debugging

Author(s): Armando Miraglia, Dirk Vogt, Herbert Bos, Andy Tanenbaum, Cristiano Giuffrida
Published in: 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE), 2016, Page(s) 455-466
DOI: 10.1109/ISSRE.2016.9

TypeSan - Practical Type Confusion Detection

Author(s): Istvan Haller, Yuseok Jeon, Hui Peng, Mathias Payer, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe
Published in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16, 2016, Page(s) 517-528
DOI: 10.1145/2976749.2978405

Drammer - Deterministic Rowhammer Attacks on Mobile Platforms

Author(s): Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida
Published in: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16, 2016, Page(s) 1675-1689
DOI: 10.1145/2976749.2978406

Flip Feng Shui: Hammering a Needle in the Software Stack.

Author(s): Razavi, Kaveh, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos.
Published in: USENIX Security Symposium, 2016, Page(s) 1-18

Undermining Information Hiding (And What to do About it).

Author(s): Goktas, R. Gawlik, B. Kollenda, E. Athanasopoulos, G. Portokalidis, C. Giuffrida, H. Bos
Published in: USENIX Security Symposium, 2016

Poking Holes in Information Hiding

Author(s): A. Oikonomopoulos, E. Athanasopoulos, H. Bos, C. Giuffrida
Published in: USENIX Security Symposium, 2016

An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries

Author(s): D. Andriesse, X. Chen, V. van der Veen, A. Slowinska, H. Bos
Published in: USENIX Security Symbosium, 2016

Over the Edge: Silently Owning Windows 10's Secure Browser

Author(s): E. Bosman, K. Razavi, H. Bos, C. Giuffrida
Published in: Black Hat USA, 2016, 2016

Secure and Efficient Multi-Variant Execution Using Hardware-Assisted Process Virtualization

Author(s): Koen Koning, Herbert Bos, Cristiano Giuffrida
Published in: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016, Page(s) 431-442
DOI: 10.1109/DSN.2016.46

OSIRIS: Efficient and Consistent Recovery of Compartmentalized Operating Systems

Author(s): Koustubha Bhat, Dirk Vogt, Erik van der Kouwe, Ben Gras, Lionel Sambuc, Andrew S. Tanenbaum, Herbert Bos, Cristiano Giuffrida
Published in: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016, Page(s) 25-36
DOI: 10.1109/DSN.2016.12

Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector

Author(s): Erik Bosman, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
Published in: 2016 IEEE Symposium on Security and Privacy (SP), 2016, Page(s) 987-1004
DOI: 10.1109/SP.2016.63

Balancing accuracy, delay and battery autonomy for pervasive seizure detection

Author(s): Athanasios Karapatis, Robert M. Seepers, Marijn van Dongen, Wouter A. Serdijn, Christos Strydis
Published in: 2016 38th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC), 2016, Page(s) 6343-6348
DOI: 10.1109/EMBC.2016.7592179

Library-Level Policy Enforcement

Author(s): Marinos Tsantekidis, Vassilis Prevelakis
Published in: SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies, 2017, Page(s) 34 - 38

A Tough call: Mitigating Advanced Code-Reuse Attacks at the Binary Level.

Author(s): Victor van der Veen, Enes Goktas, Moritz Contag, Andre Pawlowski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, and Cristiano Giuffrida.
Published in: Proceeding of the 37th IEEE Symposium on Security and Privacy, 2016

Secure and Efficient Multi-variant Execution Using Hardware-assisted Process Virtualization.

Author(s): Koen Koning, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2016

Controlling Change via Policy Contracts.

Author(s): Vassilis Prevelakis and Mohammad Hamad
Published in: Proceedings of the Internet of Things Software Update Workshop (IoTSU), 2016

METAlloc - efficient and comprehensive metadata management for software security hardening

Author(s): Istvan Haller, Erik van der Kouwe, Cristiano Giuffrida, Herbert Bos
Published in: Proceedings of the 9th European Workshop on System Security - EuroSec '16, 2016, Page(s) 1-6
DOI: 10.1145/2905760.2905766

HCFI - Hardware-enforced Control-Flow Integrity

Author(s): Nick Christoulakis, George Christou, Elias Athanasopoulos, Sotiris Ioannidis
Published in: Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy - CODASPY '16, 2016, Page(s) 38-49
DOI: 10.1145/2857705.2857722

Speculative Memory Checkpointing

Author(s): Dirk Vogt, Armando Miraglia, Georgios Portokalidis, Herbert Bos, Andy Tanenbaum, Cristiano Giuffrida
Published in: Proceedings of the 16th Annual Middleware Conference on - Middleware '15, 2015, Page(s) 197-209
DOI: 10.1145/2814576.2814802

ShrinkWrap - VTable Protection without Loose Ends

Author(s): Istvan Haller, Enes Göktaş, Elias Athanasopoulos, Georgios Portokalidis, Herbert Bos
Published in: Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015, 2015, Page(s) 341-350
DOI: 10.1145/2818000.2818025

Practical Context-Sensitive CFI

Author(s): Victor van der Veen, Dennis Andriesse, Enes Göktaş, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, Cristiano Giuffrida
Published in: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15, 2015, Page(s) 927-940
DOI: 10.1145/2810103.2813673

Enhancing Heart-Beat-Based Security for mHealth Applications

Author(s): Robert Seepers, Christos Strydis, Ioannis Sourdis, Chris De Zeeuw
Published in: IEEE Journal of Biomedical and Health Informatics, 2016, Page(s) 1-1, ISSN 2168-2194
DOI: 10.1109/JBHI.2015.2496151

Attacks on Heartbeat-Based Security Using Remote Photoplethysmography

Author(s): Robert M. Seepers, Wenjin Wang, Gerard de Haan, Ioannis Sourdis, Christos Strydis
Published in: IEEE Journal of Biomedical and Health Informatics, 2016, Page(s) 1-1, ISSN 2168-2194
DOI: 10.1109/JBHI.2017.2691282

Binary Rejuvenation: Applications and Challenges

Author(s): Angelos Oikonomopoulos, Cristiano Giuffrida, Sanjay Rawat, Herbert Bos
Published in: IEEE Security & Privacy, Issue 14/1, 2016, Page(s) 68-71, ISSN 1540-7993
DOI: 10.1109/MSP.2016.20

Leveraging DNS for timely SSL Certificate Revocation.

Author(s): Eirini Degkleri, Antonios A. Chariton, Panagiotis Ilia, Panagiotis Papadopoulos, Evangelos P. Markatos
Published in: 3rd ACM-W Europe Celebration of Women in Computing, 2016

Cyber-Physical Systems: Closing the Gap between Hardware and Software

Author(s): Marcel Caria
Published in: ERCIM News No. 106, 2016

EU-funded research to create secure-by-design architectures.

Author(s): Vassilis Prevelakis
Published in: HiPEAC Info Newsletter, vol. 42, 2015, Page(s) 11

Uw hartslag als wachtwoord.

Author(s): Christos Strydis
Published in: Monitor, 2016

Using heartbeats to secure pacemaker communication.

Author(s): Christos Strydis
Published in: 2015

Secure Hardware-Software Architectures for Robust Computing Systems

Author(s): Elias Athanasopoulos, Martin Boehner, Sotiris Ioannidis, Cristiano Giuffrida, Dmitry Pidan, Vassilis Prevelakis, Ioannis Sourdis, Christos Strydis, John Thomson
Published in: E-Democracy – Citizen Rights in the World of the New Computing Paradigms, 2015, Page(s) 209-212
DOI: 10.1007/978-3-319-27164-4_17

Increasing the Trustworthiness of Embedded Applications.

Author(s): Elias Athanasopoulos, Martin Boehner, Cristiano Giuffrida, Dmitry Pidan, Vassilis Prevelakis, Ioannis Sourdis, Christos Strydis, John Thomson
Published in: In Proceedings of the 8th International Conference on Trust & Trustworthy Computing, 2015, Page(s) 321-322

GPU-Disasm: A GPU-Based X86 Disassembler

Author(s): Evangelos Ladakis, Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis, Georgios Portokalidis
Published in: Information Security, 2015, Page(s) 472-489
DOI: 10.1007/978-3-319-23318-5_26