The SILM seminar features up to two presentations, one day per month from September 2019 to March 2020 on the security at the software/hardware interface. Following the format of its siblings, presentations will take place at INRIA, Rennes, France.
The seminar is usually held one Friday per month between 10h and 12h at INRIA, on the Beaulieu campus in Rennes (France).
Seminars are open to the public. But to be allowed to enter the building, please register first by sending a mail with your names and affiliation to Nadia Derouault (email@example.com) and present an ID at the front desk.
Register to the mailing list at https://sympa.inria.fr/sympa/subscribe/silm-seminar to get info on the next talks.
Videoconference (live stream)
To join :
– connect to https://visio.inria.fr (<login>@inria.fr) and “Meet” : firstname.lastname@example.org (PIN : 4875#)
– for external collaborators : https://visio.inria.fr/invited.sf?secret=O3A9s9dvp2Mvl4xKwR8yWw&id=305424998
– from a visioconference endpoint : call visio.inria.fr then enter the call ID : 305424998# (PIN : 4875#)
– phone: +33 4 92 38 77 88 (77788), then enter 305424998# (PIN : 4875#)
Ronan Lashermes, INRIA, (+33|0)2 99 84 72 84, email@example.com
Guillaume Hiet, CentraleSupélec, firstname.lastname@example.org
November 8th, 2019
Lucas Davi (University of Duisburg-Essen) : Memory Corruption Attacks in the Context of Trusted Execution Environments
ARM TrustZone and Intel Software Guard Extensions (SGX) offer hardware-assisted trusted execution environments (TEEs) to enable strong isolation of security-critical code and data. They also allow systems to perform remote attestation, where a device challenges another device to report its current state. In this talk, we elaborate on remote attestation schemes that do not only attest static properties, but also cover run-time control-flow behavior of applications based on ARM TrustZone. While TEEs enable secure attestation of control-flow behavior, memory corruption attacks (e.g., return-oriented programming) inside TEEs can undermine remote attestation schemes. This talk will elaborate on memory corruption attacks for the use-case of SGX and how we can develop analysis approaches to detect vulnerable TEE code.
December 17th, 2019
15h-16h, Herbert Bos (Vrije Universiteit Amsterdam) : Plenty of Room at the Bottom — For Attackers
Contrary to popular belief, exploitation of modern software has become extremely difficult. Even if the attacker finds a bug, a variety of defenses makes it hard to exploit it. No wonder that attackers have started looking for alternative means to compromise systems. In particular, they quickly discovered that all software defenses today depend on the trustworthiness of the underlying hardware (CPU, memory, etc.), and to their joy, the hardware is not worthy of our trust at all! Common hardware vulnerabilities allow attackers to bypass even the most sophisticated defenses and violate the confidentiality, integrity and availability of state-of-the-art systems. In this talk, I will explore these hardware vulnerabilities that are controllable from software, and discuss our experiences in disclosing such vulnerabilities. In summary: the hardware is broken and this is why we can’t have nice things.
January 17th, 2020
Billy Brumley (Tampere University of Technology): TBD
Yann Loisel (SiFive, RISC-V) : TBD
March 20th, 2020
Frank Piessens (KU Leuven): TBD