*********************************
There is now a CONTENT FREEZE for Mercury while we switch to a new platform. It began on Friday, March 10 at 6pm and will end on Wednesday, March 15 at noon. No new content can be created during this time, but all material in the system as of the beginning of the freeze will be migrated to the new platform, including users and groups. Functionally the new site is identical to the old one. webteam@gatech.edu
*********************************
Tess Malone, Communications Officer
Summary Sentence: Building Trusted Systems on Top of Leaky Abstractions
Full Summary: No summary paragraph submitted.
David KohlbrennerTITLE: Building Trusted Systems on Top of Leaky Abstractions
ABSTRACT:
A modern application’s safety and security relies on a staggeringly complex stack of abstractions, from software libraries and operating systems to firmware and chip architectural choices. Often, performance-oriented design choices at a lower level can impact security in surprising ways and have no clean fix.
This talk will cover how I construct secure and deployable systems without needing to know the adversary’s exact technique. To understand the threat posed by leaky abstractions, I first detail my work on a novel class of side-channel attacks. With this as motivation, I present my Fuzzyfox project for securing the Firefox web browser against all known and unknown timing attacks. Finally, I describe a new way to construct trusted systems leveraging both software and hardware in the Keystone Trusted Execution Environment Framework and future projects.
BIO:
David Kohlbrenner is a postdoctoral scholar working with Dawn Song at UC Berkeley. He previously received his Ph.D. from UC San Diego, where he was advised by Hovav Shacham.
His research focuses on building deployable secure systems with both hardware and software. Adaptations of his research have been deployed in Firefox, Chrome, and the Linux kernel. His adversarial research discovered major vulnerabilities in popular web browsers, resulting in extensive changes to Chrome, Safari, and Firefox. Kohlbrenner also co-founded the San Diego-based embedded security company Somerset Recon in 2012.
