Software Exploitation: Hardware is the New Black

Speaker: Cristiano Giuffrida , Vrije Universiteit, Amsterdam

Date: Monday, November 05, 2018

Time: 3:00 PM to 4:00 PM

Public: Yes

Location:

Event Type: Seminar

Room Description: 32-G882

Host: Frans Kaashoek, MIT/CSAIL

Contact: Frans Kaashoek, kaashoek@csail.mit.edu

Relevant URL:

Speaker URL: None

Speaker Photo:
None

Reminders to: seminars@lists.csail.mit.edu

Reminder Subject: TALK: Software Exploitation: Hardware is the New Black

What would the world be like if software had no bugs? Software systems
would be impenetrable and our data shielded from prying eyes? Not
quite. In this lecture, I will present evidence that reliable attacks
targeting even "perfect" software are a realistic threat. Such attacks
exploit properties of modern hardware to completely
subvert a system, even in absence of software or configuration bugs.
To substantiate this claim, I will illustrate practical attacks in
real-world systems settings, such as browsers, clouds, and mobile. The
implications are worrisome. Even bug-free (say formally verified)
software can be successfully targeted by a relatively low-effort
attacker. Moreover, state-of-the-art security defenses, which have
proven useful to raise the bar against traditional software
exploitation techniques, are completely ineffective against such
attacks. It is time to revisit our assumptions on realistic
adversarial models and investigate defenses that consider threats in
the entire hardware/software stack. Pandora's box has been opened.

Research Areas:
Security & Cryptography

Impact Areas:
Cybersecurity

This event is not part of a series.

Created by Frans Kaashoek Email at Monday, October 01, 2018 at 8:10 AM.