Skip to main content

Secure Hardware-Software Architectures for Robust Computing Systems

Rezultaty

Final implementation of the SHARCS hardware techniques

This document reports the implementation details of the selected hardware architectures used in the applications described in WP5.

Dissemination report, year 2

Updated dissemination report for the activities that took place in the second year of the SHARCS project.

Design specification of the SHARCS hardware techniques

This document reports a design specification for all hardware techniques, which will be used in the applications described in WP5.

Dissemination report, year 3

Final dissemination report for the activities of the SHARCS project.

Final implementation of the SHARCS runtime system, software tools and reporting

This document reports the implementation details of the selected software technologies (applied in the language, compiler, runtime and reporting) used in the applications described in WP5.

Recommendations report for security-by-design

The document containing the attack scenarios and how SHARCS technologies can be used to eliminate the possibility of such attacks, along with a list of recommendations for the relevant stakeholders.

Applications and framework requirements for secure-by-design systems

This document will define the requirements of the SHARCS framework. Specifically, what are the features of a secure-by-design system and how the layers of a computing system must be augmented to provide end-to-end security.

Design specification of the SHARCS runtime system, software tools and reporting

This document reports a design specification for all software technologies (applied in the language, compiler, runtime and reporting) which will be used in the applications described in WP5.

Dissemination report, year 1

This document will clearly define the dissemination objectives for the SHARCS project as well as to determine the dissemination channels and activities required to achieve these objectives. It will report on the activities performed, like press releases, presentations given, papers published, articles in popular media, etc. Each year we will report on the progress of the dissemination activities and the targets for the following year.

Requirements of the SHARCS runtime system, software tools and reporting

This document reports possible software technologies aligned with the application requirements, as analyzed in WP2.

SHARCS System architectures and requirements

This document reports possible architectures aligned with the application requirements, as analyzed in WP2. It will also report on the progress of the secure processor, secure memory and secure communication components.

Specification and guidelines for security-by-design

A technical document describing how other applications can take advantage of the SHARCS framework.

Website and collaboration tools

The website will be the main channel through which the general public will gain access to SHARCS results, publications, news and new tools developed in the context of this project. Therefore we plan to make this deliverable available as early as M2, and to regularly update it throughout the project until M36. It will fulfill three di↵erent roles: 1. It will deliver the general information about the project: participants, objectives, status reports and acknowledge EC contribution. 2. It will deliver end-user-oriented output in a friendly, helpful and e↵ective way. The website, along with various means of spreading information on the web, will be the main channel through which the general public will gain access to SHARCS results. 3. Finally, the website will be a complete repository of all the information the project has delivered (e.g., software, public deliverables and demonstrators). As with all our other projects, we will maintain the website beyond the life of the project. For better dissemination of the information, we will also take advantage of social media such as Twitter and Facebook, as a way to aggregate and reach out to our constituency. Complementary to the website, we will employ mailing lists for communication within the consortium and with our EAB. For collaboration, we will be using SVN to maintain all the important documents and all tools developed by the consortium members.

Publikacje

Secure key-exchange protocol for implants using heartbeats

Autorzy: Robert M. Seepers, Jos H. Weber, Zekeriya Erkin, Ioannis Sourdis, Christos Strydis
Opublikowane w: Proceedings of the ACM International Conference on Computing Frontiers - CF '16, 2016, Page(s) 119-126, ISBN 9781-450341288
Wydawca: ACM Press
DOI: 10.1145/2903150.2903165

On Using a Von Neumann Extractor in Heart-Beat-Based Security

Autorzy: Robert Mark Seepers, Christos Strydis, Ioannis Sourdis, Chris Innocentius De Zeeuw
Opublikowane w: 2015 IEEE Trustcom/BigDataSE/ISPA, 2015, Page(s) 491-498, ISBN 978-1-4673-7952-6
Wydawca: IEEE
DOI: 10.1109/Trustcom.2015.411

Towards Automated Discovery of Crash-Resistant Primitives in Binary Executables

Autorzy: Benjamin Kollenda, Enes Goktas, Tim Blazytko, Philipp Koppe, Robert Gawlik, R. K. Konoth, Cristiano Giuffrida, Herbert Bos, Thorsten Holz
Opublikowane w: 2017 47th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2017, Page(s) 189-200, ISBN 978-1-5386-0542-4
Wydawca: IEEE
DOI: 10.1109/DSN.2017.58

The Dynamics of Innocent Flesh on the Bone - Code Reuse Ten Years Later

Autorzy: Victor van der Veen, Dennis Andriesse, Manolis Stamatogiannakis, Xi Chen, Herbert Bos, Cristiano Giuffrdia
Opublikowane w: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17, 2017, Page(s) 1675-1689, ISBN 9781-450349468
Wydawca: ACM Press
DOI: 10.1145/3133956.3134026

Secure Page Fusion with VUsion - https://www.vusec.net/projects/VUsion

Autorzy: Marco Oliverio, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
Opublikowane w: Proceedings of the 26th Symposium on Operating Systems Principles - SOSP '17, 2017, Page(s) 531-545, ISBN 9781-450350853
Wydawca: ACM Press
DOI: 10.1145/3132747.3132781

RevAnC - A Framework for Reverse Engineering Hardware Page Table Caches

Autorzy: Stephan van Schaik, Kaveh Razavi, Ben Gras, Herbert Bos, Cristiano Giuffrida
Opublikowane w: Proceedings of the 10th European Workshop on Systems Security - EuroSec'17, 2017, Page(s) 1-6, ISBN 9781-450349352
Wydawca: ACM Press
DOI: 10.1145/3065913.3065918

Fast and Generic Metadata Management with Mid-Fat Pointers

Autorzy: Taddeus Kroes, Koen Koning, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe
Opublikowane w: Proceedings of the 10th European Workshop on Systems Security - EuroSec'17, 2017, Page(s) 1-6, ISBN 9781-450349352
Wydawca: ACM Press
DOI: 10.1145/3065913.3065920

CodeArmor: Virtualizing the Code Space to Counter Disclosure Attacks

Autorzy: Xi Chen, Herbert Bos, Cristiano Giuffrida
Opublikowane w: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), 2017, Page(s) 514-529, ISBN 978-1-5090-5762-7
Wydawca: IEEE
DOI: 10.1109/EuroSP.2017.17

DangSan - Scalable Use-after-free Detection

Autorzy: Erik van der Kouwe, Vinod Nigade, Cristiano Giuffrida
Opublikowane w: Proceedings of the Twelfth European Conference on Computer Systems - EuroSys '17, 2017, Page(s) 405-419, ISBN 9781-450349383
Wydawca: ACM Press
DOI: 10.1145/3064176.3064211

No Need to Hide - Protecting Safe Regions on Commodity Hardware

Autorzy: Koen Koning, Xi Chen, Herbert Bos, Cristiano Giuffrida, Elias Athanasopoulos
Opublikowane w: Proceedings of the Twelfth European Conference on Computer Systems - EuroSys '17, 2017, Page(s) 437-452, ISBN 9781-450349383
Wydawca: ACM Press
DOI: 10.1145/3064176.3064217

ASLR on the Line: Practical Cache Attacks on the MMU

Autorzy: Ben Gras, Kaveh Razavi, Erik Bosman, Herbert Box, Cristiano Giuffrida
Opublikowane w: NDSS Symposium 2017, 2017
Wydawca: IEEE

SafeInit: Comprehensive and Practical Mitigation of Uninitialized Read Vulnerabilities

Autorzy: A. Milburn, H. Bos, C. Giuffrida
Opublikowane w: NDSS Symposium 2017, 2017
Wydawca: IEEE

VUzzer: Application-aware Evolutionary Fuzzing

Autorzy: S. Rawat, V. Jain, A. Kumar, L. Cojocar, C. Giuffrida, H. Bos
Opublikowane w: NDSS 2017, 2017
Wydawca: IEEE

MARX: Uncovering Class Hierarchies in C++ Programs

Autorzy: Pawlowski, M. Contag, V. van der Veen, C. Ouwehand, T. Holz, H. Bos, E. Athanasopoulos, C. Giuffrida
Opublikowane w: NDSS Symposium 2017, 2017
Wydawca: IEEE

A NEaT Design for Reliable and Scalable Network Stacks

Autorzy: Tomas Hruby, Cristiano Giuffrida, Lionel Sambuc, Herbert Bos, Andrew S. Tanenbaum
Opublikowane w: Proceedings of the 12th International on Conference on emerging Networking EXperiments and Technologies - CoNEXT '16, 2016, Page(s) 359-373, ISBN 9781-450342926
Wydawca: ACM Press
DOI: 10.1145/2999572.2999579

VTPin - practical VTable hijacking protection for binaries

Autorzy: Pawel Sarbinowski, Vasileios P. Kemerlis, Cristiano Giuffrida, Elias Athanasopoulos
Opublikowane w: Proceedings of the 32nd Annual Conference on Computer Security Applications - ACSAC '16, 2016, Page(s) 448-459, ISBN 9781-450347716
Wydawca: ACM Press
DOI: 10.1145/2991079.2991121

Bypassing clang’s SafeStack for Fun and Profit.

Autorzy: Enes Göktaş, Angelos Economopoulos, Robert Gawlik, Benjamin Kollenda, Elias Athanasopoulos, Georgios Portokalidis, Cristiano Giuffrida, Herbert Bos
Opublikowane w: Black Hat Europe, 2016, 2016
Wydawca: Black Hat Europe

Flip Feng Shui Rowhammering the VM’s Isolation

Autorzy: K. Razavi, B. Gras, E. Bosman, B. Preneel, C. Giuffrida, H. Bos
Opublikowane w: Black Hat Europe 2016, 2016
Wydawca: Blackhat Europe

Peeking into the Past: Efficient Checkpoint-Assisted Time-Traveling Debugging

Autorzy: Armando Miraglia, Dirk Vogt, Herbert Bos, Andy Tanenbaum, Cristiano Giuffrida
Opublikowane w: 2016 IEEE 27th International Symposium on Software Reliability Engineering (ISSRE), 2016, Page(s) 455-466, ISBN 978-1-4673-9002-6
Wydawca: IEEE
DOI: 10.1109/ISSRE.2016.9

TypeSan - Practical Type Confusion Detection

Autorzy: Istvan Haller, Yuseok Jeon, Hui Peng, Mathias Payer, Cristiano Giuffrida, Herbert Bos, Erik van der Kouwe
Opublikowane w: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16, 2016, Page(s) 517-528, ISBN 9781-450341394
Wydawca: ACM Press
DOI: 10.1145/2976749.2978405

Drammer - Deterministic Rowhammer Attacks on Mobile Platforms

Autorzy: Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clementine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, Cristiano Giuffrida
Opublikowane w: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security - CCS'16, 2016, Page(s) 1675-1689, ISBN 9781-450341394
Wydawca: ACM Press
DOI: 10.1145/2976749.2978406

Flip Feng Shui: Hammering a Needle in the Software Stack.

Autorzy: Razavi, Kaveh, Ben Gras, Erik Bosman, Bart Preneel, Cristiano Giuffrida, and Herbert Bos.
Opublikowane w: USENIX Security Symposium, 2016, Page(s) 1-18
Wydawca: USENIX

Undermining Information Hiding (And What to do About it).

Autorzy: Goktas, R. Gawlik, B. Kollenda, E. Athanasopoulos, G. Portokalidis, C. Giuffrida, H. Bos
Opublikowane w: USENIX Security Symposium, 2016
Wydawca: USENIX

Poking Holes in Information Hiding

Autorzy: A. Oikonomopoulos, E. Athanasopoulos, H. Bos, C. Giuffrida
Opublikowane w: USENIX Security Symposium, 2016
Wydawca: USENIX

An In-Depth Analysis of Disassembly on Full-Scale x86/x64 Binaries

Autorzy: D. Andriesse, X. Chen, V. van der Veen, A. Slowinska, H. Bos
Opublikowane w: USENIX Security Symbosium, 2016
Wydawca: USENIX

Over the Edge: Silently Owning Windows 10's Secure Browser

Autorzy: E. Bosman, K. Razavi, H. Bos, C. Giuffrida
Opublikowane w: Black Hat USA, 2016, 2016
Wydawca: Black Hat USA

Secure and Efficient Multi-Variant Execution Using Hardware-Assisted Process Virtualization

Autorzy: Koen Koning, Herbert Bos, Cristiano Giuffrida
Opublikowane w: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016, Page(s) 431-442, ISBN 978-1-4673-8891-7
Wydawca: IEEE
DOI: 10.1109/DSN.2016.46

OSIRIS: Efficient and Consistent Recovery of Compartmentalized Operating Systems

Autorzy: Koustubha Bhat, Dirk Vogt, Erik van der Kouwe, Ben Gras, Lionel Sambuc, Andrew S. Tanenbaum, Herbert Bos, Cristiano Giuffrida
Opublikowane w: 2016 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), 2016, Page(s) 25-36, ISBN 978-1-4673-8891-7
Wydawca: IEEE
DOI: 10.1109/DSN.2016.12

Dedup Est Machina: Memory Deduplication as an Advanced Exploitation Vector

Autorzy: Erik Bosman, Kaveh Razavi, Herbert Bos, Cristiano Giuffrida
Opublikowane w: 2016 IEEE Symposium on Security and Privacy (SP), 2016, Page(s) 987-1004, ISBN 978-1-5090-0824-7
Wydawca: IEEE
DOI: 10.1109/SP.2016.63

Balancing accuracy, delay and battery autonomy for pervasive seizure detection

Autorzy: Athanasios Karapatis, Robert M. Seepers, Marijn van Dongen, Wouter A. Serdijn, Christos Strydis
Opublikowane w: 2016 38th Annual International Conference of the IEEE Engineering in Medicine and Biology Society (EMBC), 2016, Page(s) 6343-6348, ISBN 978-1-4577-0220-4
Wydawca: IEEE
DOI: 10.1109/EMBC.2016.7592179

Library-Level Policy Enforcement

Autorzy: Marinos Tsantekidis, Vassilis Prevelakis
Opublikowane w: SECURWARE 2017, The Eleventh International Conference on Emerging Security Information, Systems and Technologies, 2017, Page(s) 34 - 38, ISBN 978-1-61208-582-1
Wydawca: IARIA

A Tough call: Mitigating Advanced Code-Reuse Attacks at the Binary Level.

Autorzy: Victor van der Veen, Enes Goktas, Moritz Contag, Andre Pawlowski, Xi Chen, Sanjay Rawat, Herbert Bos, Thorsten Holz, Elias Athanasopoulos, and Cristiano Giuffrida.
Opublikowane w: Proceeding of the 37th IEEE Symposium on Security and Privacy, 2016
Wydawca: IEEE

Secure and Efficient Multi-variant Execution Using Hardware-assisted Process Virtualization.

Autorzy: Koen Koning, Herbert Bos, Cristiano Giuffrida
Opublikowane w: Proceedings of the 46th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, 2016
Wydawca: IEEE

Controlling Change via Policy Contracts.

Autorzy: Vassilis Prevelakis and Mohammad Hamad
Opublikowane w: Proceedings of the Internet of Things Software Update Workshop (IoTSU), 2016
Wydawca: IAB

METAlloc - efficient and comprehensive metadata management for software security hardening

Autorzy: Istvan Haller, Erik van der Kouwe, Cristiano Giuffrida, Herbert Bos
Opublikowane w: Proceedings of the 9th European Workshop on System Security - EuroSec '16, 2016, Page(s) 1-6, ISBN 9781-450342957
Wydawca: ACM Press
DOI: 10.1145/2905760.2905766

HCFI - Hardware-enforced Control-Flow Integrity

Autorzy: Nick Christoulakis, George Christou, Elias Athanasopoulos, Sotiris Ioannidis
Opublikowane w: Proceedings of the Sixth ACM on Conference on Data and Application Security and Privacy - CODASPY '16, 2016, Page(s) 38-49, ISBN 9781-450339353
Wydawca: ACM Press
DOI: 10.1145/2857705.2857722

Speculative Memory Checkpointing

Autorzy: Dirk Vogt, Armando Miraglia, Georgios Portokalidis, Herbert Bos, Andy Tanenbaum, Cristiano Giuffrida
Opublikowane w: Proceedings of the 16th Annual Middleware Conference on - Middleware '15, 2015, Page(s) 197-209, ISBN 9781-450336185
Wydawca: ACM Press
DOI: 10.1145/2814576.2814802

ShrinkWrap - VTable Protection without Loose Ends

Autorzy: Istvan Haller, Enes Göktaş, Elias Athanasopoulos, Georgios Portokalidis, Herbert Bos
Opublikowane w: Proceedings of the 31st Annual Computer Security Applications Conference on - ACSAC 2015, 2015, Page(s) 341-350, ISBN 9781-450336826
Wydawca: ACM Press
DOI: 10.1145/2818000.2818025

Practical Context-Sensitive CFI

Autorzy: Victor van der Veen, Dennis Andriesse, Enes Göktaş, Ben Gras, Lionel Sambuc, Asia Slowinska, Herbert Bos, Cristiano Giuffrida
Opublikowane w: Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security - CCS '15, 2015, Page(s) 927-940, ISBN 9781-450338325
Wydawca: ACM Press
DOI: 10.1145/2810103.2813673

Enhancing Heart-Beat-Based Security for mHealth Applications

Autorzy: Robert Seepers, Christos Strydis, Ioannis Sourdis, Chris De Zeeuw
Opublikowane w: IEEE Journal of Biomedical and Health Informatics, 2016, Page(s) 1-1, ISSN 2168-2194
Wydawca: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/JBHI.2015.2496151

Attacks on Heartbeat-Based Security Using Remote Photoplethysmography

Autorzy: Robert M. Seepers, Wenjin Wang, Gerard de Haan, Ioannis Sourdis, Christos Strydis
Opublikowane w: IEEE Journal of Biomedical and Health Informatics, 2016, Page(s) 1-1, ISSN 2168-2194
Wydawca: Institute of Electrical and Electronics Engineers Inc.
DOI: 10.1109/JBHI.2017.2691282

Binary Rejuvenation: Applications and Challenges

Autorzy: Angelos Oikonomopoulos, Cristiano Giuffrida, Sanjay Rawat, Herbert Bos
Opublikowane w: IEEE Security & Privacy, 14/1, 2016, Page(s) 68-71, ISSN 1540-7993
Wydawca: IEEE Computer Society
DOI: 10.1109/MSP.2016.20

Leveraging DNS for timely SSL Certificate Revocation.

Autorzy: Eirini Degkleri, Antonios A. Chariton, Panagiotis Ilia, Panagiotis Papadopoulos, Evangelos P. Markatos
Opublikowane w: 3rd ACM-W Europe Celebration of Women in Computing, 2016
Wydawca: ACM

Cyber-Physical Systems: Closing the Gap between Hardware and Software

Autorzy: Marcel Caria
Opublikowane w: ERCIM News No. 106, 2016
Wydawca: ERCIM

EU-funded research to create secure-by-design architectures.

Autorzy: Vassilis Prevelakis
Opublikowane w: HiPEAC Info Newsletter, vol. 42, 2015, Page(s) 11
Wydawca: HiPEAC

Uw hartslag als wachtwoord.

Autorzy: Christos Strydis
Opublikowane w: Monitor, 2016
Wydawca: Monitor Magazin

Using heartbeats to secure pacemaker communication.

Autorzy: Christos Strydis
Opublikowane w: 2015
Wydawca: HorizonHealth

Secure Hardware-Software Architectures for Robust Computing Systems

Autorzy: Elias Athanasopoulos, Martin Boehner, Sotiris Ioannidis, Cristiano Giuffrida, Dmitry Pidan, Vassilis Prevelakis, Ioannis Sourdis, Christos Strydis, John Thomson
Opublikowane w: E-Democracy – Citizen Rights in the World of the New Computing Paradigms, 2015, Page(s) 209-212, ISBN 978-3-319-27164-4
Wydawca: Springer International Publishing
DOI: 10.1007/978-3-319-27164-4_17

Increasing the Trustworthiness of Embedded Applications.

Autorzy: Elias Athanasopoulos, Martin Boehner, Cristiano Giuffrida, Dmitry Pidan, Vassilis Prevelakis, Ioannis Sourdis, Christos Strydis, John Thomson
Opublikowane w: In Proceedings of the 8th International Conference on Trust & Trustworthy Computing, 2015, Page(s) 321-322
Wydawca: Springer International Publishing

GPU-Disasm: A GPU-Based X86 Disassembler

Autorzy: Evangelos Ladakis, Giorgos Vasiliadis, Michalis Polychronakis, Sotiris Ioannidis, Georgios Portokalidis
Opublikowane w: Information Security, 2015, Page(s) 472-489, ISBN 978-3-319-23318-5
Wydawca: Springer International Publishing
DOI: 10.1007/978-3-319-23318-5_26