Speaker: Hovav Shacham
Weizmann Institute of Science
Friday, April 20, 2007
11:00 am - 12:00 pm
EBU3b 1202
ABSTRACT
We analyze the effectiveness of two techniques intended to make it harder for attackers to exploit
vulnerable programs: W-xor-X and ASLR. W-xor-X marks all writable locations in a process' address
space non-executable. ASLR randomizes the locations of the stack, heap, and executable code in an
address space. Intel recently added hardware to its processors (the "XD bit") to ease W-xor-X
implementation. Microsoft Windows Vista ships with W-xor-X and ASLR. Linux (via the PaX project)
and OpenBSD also include support for both. We find that both measures are less effective than
previously thought, on the x86 at least. A new way of organizing exploits allows the attacker to
perform arbitrary computation using only code already present in the attacked process' address
space, so code injection is unnecessary. Exploits organized in the new way chain together dozens
of short instruction sequences, each just two or three instructions long. Because of the properties
of the x86 instruction set, these sequences might not have been intentionally compiled into the
binary; we find them by means of static analysis. Furthermore, the effective entropy of PaX ASLR
can be searched by brute force. The attack takes just a few minutes to mount over the network.

Group signatures are a variant of digital signatures that provides anonymity for signers. Any member
of a group can sign messages, but the resulting signature keeps the identity of the signer secret.
In some systems there is a third party that can undo the signature anonymity (trace) using a special
trapdoor. New applications for group signatures include the trusted computing initiative (TCPA) and
vehicle safety ad-hoc networks (DSRC). In each case, group signatures provide privacy guarantees for
tamper-resistant embedded devices. We describe a short group signature scheme. Signatures in our
scheme are approximately the size of a standard RSA signature with the same security. The mathematical
setting for our scheme is certain elliptic curves featuring an efficiently computable bilinear map, a
setting that has proved fruitful in recent years. We also consider two choices for handling revocation
in our scheme.
BIO
Hovav Shacham is a Koshland Scholars Program post-doctoral fellow at the Weizmann Institute of Science,
working with Moni Naor. He received his Ph.D. in 2005 from Stanford University, where his advisor was
Dan Boneh. In 2000, he received an A.B. in English and a B.S. in computer science, also from Stanford.
Hovav's research interests are in applied cryptography and systems security. He is one of the pioneers
in using pairings -- computable bilinear maps over certain elliptic curves -- to construct cryptographic
systems. He has published twelve conference papers and two journal papers, and served on ten program
committees.
Hovav is the proud owner of a check from Knuth.