Session
Schedule FOSDEM 2020
Security

SpecFuzz: Bringing Spectre-type vulnerabilities to the surface

UA2.114 (Baudoux)
Oleksii Oleksenko
Spectre-type attacks are a real threat to secure systems because a successful attack can undermine even an application that would be traditionally considered safe. SpecFuzz is the first tool that enables fuzzing for such vulnerabilities.

The key is a novel concept of speculation exposure: The program is instrumented to simulate speculative execution in software by forcefully executing the code paths that could be triggered due to mispredictions, thereby making the speculative memory accesses visible to integrity checkers (e.g., AddressSanitizer). Combined with the conventional fuzzing techniques, speculation exposure enables more precise identification of potential vulnerabilities compared to state-of-the-art static analyzers.

Technical report: https://arxiv.org/abs/1905.10311

Additional information

Type devroom

More sessions

2/1/20
Security
Arne Padmos
UA2.114 (Baudoux)
What threats do we need to take into account when building a system? A key method for answering this question is an approach called threat modelling, whereby security problems can be anticipated during the design phase. This talk discusses major threat-modelling approaches, and includes concrete examples of how to apply them to software-intensive systems.
2/1/20
Security
Tomáš Mráz
UA2.114 (Baudoux)
Management of allowed cryptographical algorithms to disallow algorithms not allowed due to weaknesses or restrictions by certification standards is complicated task. The talk will introduce system-wide crypto-policies concept and implementation as an attempt to help system administrators with this task. This talk replaces "OSINT" talk which was schedulled initially, but David Busby could not attend on the short notice.
2/1/20
Security
Tobias Reiher
UA2.114 (Baudoux)
Security vulnerabilities are still very common in todays software. Formal methods could improve the situation, but program verification remains a complex and time-consuming task. Often, the verification of existing software is infeasible and a complete rewrite can be prohibitively expensive. Both, however, is not necessarily required to improve on the current state. By replacing critical parts of an existing software by verified code, security can be strengthened significantly with moderate ...
2/1/20
Security
Lorenzo Fontana
UA2.114 (Baudoux)
Linux Syscalls can be used as an entrypoint to do security analysis on Linux. However reading and processing every system call in userspace creates a very unique set of challenges. In this talk we are going to see exactly what those challenges are and how we solved them in the Falco project.
2/1/20
Security
John Lionis
UA2.114 (Baudoux)
In this presentation we take under consideration the increased use of Docker in corporate environments. It is a fact that Docker has found wide spread of use during the past years, mostly because of it being very easy to use , economic w.r.t resources used, fast and easy to deploy when compared with a full blown virtual machine. More and more servers are being operated as Docker hosts on which micro-services run in containers. From a security point of view, two aspects of it arise in the context ...
2/1/20
Security
Gilles Van Assche
UA2.114 (Baudoux)
Protocols in symmetric cryptography are often built from block ciphers, with a fixed input and output size, while variable sizes are handled through their modes of use. Incrementality, namely, the ability to efficiently compute the output for increasing inputs, or to request longer outputs, is often a property of the implementation rather than an explicit feature of a mode. A doubly-extendable cryptographic keyed (or deck) function is a new kind of object that makes incrementality an integral ...
2/1/20
Security
Robert Golebiowski
UA2.114 (Baudoux)
How Transparent Data Encryption is built in MySQL and Percona Server ? - keyrings – what are they used for ? What is the difference between using a server back-end (keyringvault) versus file back-end (keyringfile). How it affects server startup and why? Why per server separation is needed in Vault Server? - How Master Key encryption works ? How it is build on page level ? How do we know which key we should fetch to decrypt a table ? How do we know that used key is the correct one ? How do we ...