Title:
Performant Software Hardening under Hardware Support

dc.contributor.advisor Kim, Taesoo
dc.contributor.author Ding, Ren
dc.contributor.committeeMember Lee, Wenke
dc.contributor.committeeMember Orso, Alessandro
dc.contributor.committeeMember Saltaformaggio, Brendan
dc.contributor.committeeMember Jang, Yeongjin
dc.contributor.department Computer Science
dc.date.accessioned 2021-06-10T16:58:08Z
dc.date.available 2021-06-10T16:58:08Z
dc.date.created 2021-05
dc.date.issued 2021-05-06
dc.date.submitted May 2021
dc.date.updated 2021-06-10T16:58:08Z
dc.description.abstract With a booming number of applications and end-users in the past decade, software security has been emphasized more than ever. Nonetheless, a consistent increase of security-critical bugs has been observed along the way, mainly due to the variety and complexity of existing software pieces. To mitigate the situation, software hardening in the daily development cycle typically involves three phases, including bug finding, runtime security enforcement, and fault analyses in case the prior steps have failed. Among the various software hardening techniques proposed, a considerable number of works have relied on available hardware support to achieve their goals. The reasons behind the noticeable trend are threefold. First, the performance benefit from hardware can be substantial compared to a purely software-based solution. Second, compatibility and ease of use are also keys for more solutions to adopt hardware features besides the performance gain. Last, implementation with hardware support can consequentially present a smaller codebase, thus introducing less attack surface for attackers. In this dissertation, I present three hardware-assisted solutions for performant software hardening. The first one is PITTYPAT, a runtime enforcement for path-sensitive control-flow integrity. By utilizing Intel PT, it computes branch targets with points-to analyses in an efficient and precise manner. The second one is SNAP, a customized hardware platform that implements hardware primitives to enhance the performance of coverage-guided fuzzing. Given the program states originated from the existing CPU pipeline, our prototype on the FPGA platform enables a transparent support of fuzzing with near-zero tracing overhead. Finally, I will present a nested virtualization framework for fuzzing non-user applications, such as hypervisors. With a snapshot mechanism supported by the x86 virtualization extension and a customized kernel for fuzzing execution, our system demonstrates a 72x improvement on the fuzzing throughput compared to the prior solutions, and finds 14 zero-day bugs among the real-world hypervisors.
dc.description.degree Ph.D.
dc.format.mimetype application/pdf
dc.identifier.uri http://hdl.handle.net/1853/64795
dc.language.iso en_US
dc.publisher Georgia Institute of Technology
dc.subject Software security
dc.subject Hardware
dc.title Performant Software Hardening under Hardware Support
dc.type Text
dc.type.genre Dissertation
dspace.entity.type Publication
local.contributor.advisor Kim, Taesoo
local.contributor.corporatename College of Computing
relation.isAdvisorOfPublication e96debb0-758f-49d4-8ed9-307227ecad78
relation.isOrgUnitOfPublication c8892b3c-8db6-4b7b-a33a-1b67f7db2021
thesis.degree.level Doctoral
Files
Original bundle
Name:
DING-DISSERTATION-2021.pdf
Size:
4.31 MB
Format:
Adobe Portable Document Format
License bundle
Name:
LICENSE.txt
Size:
3.86 KB
Format:
Plain Text