Christian Otterstad - Academia.edu

Papers by Christian Otterstad

A brief evaluation of Intel® MPX

MPX implements hardware accelerated support for detection and prevention of memory corruption. This paper will examine the effectiveness of MPX. Herein we attempt to find false positives and false negatives, and to determine what attacks may still be feasible. In particular we wish to see if a system protected by MPX is still exploitable. Intel MPX appears to provide a solid mitigation technique, but may be vulnerable in special circumstances related to how it depends on the surrounding framework to function.

Vendor Malware: Detection Limits and Mitigation

IEEE Computer, Aug 1, 2016

Computing device vendors can introduce malware that is nearly impossible to detect with known methods, but microservice solutions can limit the negative impact. Malware contains instructions whose execution negatively impacts stakeholders, typically leading to unauthorized access and computation, data theft, loss of privacy, inability to inspect data, or prolonged downtime. A computing system's robustness to malware attacks strongly depends on the ability of the technical system and its stakeholders to either detect inactive malware before it executes or to detect active executing malware as soon as possible, before it causes serious damage. Many previous works discuss the general difficulty of detecting malware, but we focus on the ability of buyers and other legitimate stakeholders to detect malware inserted in computing devices by vendors and other insiders with access to the devices before they reach the buyers.

Low-Level Exploitation Mitigation by Diverse Microservices

Lecture Notes in Computer Science, 2017

This paper discusses a combination of isolatable microservices and software diversity as a mitigation technique against low-level exploitation; the effectiveness and benefits of such an architecture are substantiated. We argue that the core security benefit of microservices with diversity is increased control flow isolation. Additionally, a new microservices mitigation technique leveraging a security monitor service is introduced to further exploit the architectural benefits inherent to microservice architectures.

On trends in low-level exploitation

Low-level computer exploitation and its mitigation counterpart has accumulated some noteworthy history. Presently, especially in academia, it features a plethora of mitigation techniques and also various possible modes of attack. It has seen numerous developments building upon basic methods for both sides and certain trends have emerged. This paper is primarily an overview paper, focusing especially on x86 GNU/Linux. The basic reasons inherent for allowing low-level exploitability are identified and explained to provide background knowledge. The paper furthermore describes the history, present state of the art and future developments that are topical and appear to be important in the field. Several attack and defense techniques have overlapping notions with not always obvious differences. Herein the notion of the bar being raised for both exploits and mitigation methods is examined and extrapolated upon based on the known relevant present state and history. The difference between academia and the industry is discussed especially where it relates to application of new mitigation techniques. Based on this examination some patterns and trends are identified and a conjecture for the likely future development of both is presented and justified.

On the Effectiveness of Non-readable Executable Memory Against BROP

Communications in Computer and Information Science, 2017

With the advent of the low-level exploitation mitigation techniques W⊕X, ASLR, and stack canaries, the attacker has in most cases been forced to use ROP (Return-Oriented Programming) to enable successful arbitrary code execution. Strong, fine-grained ASLR has further raised the bar, requiring the attacker to possess an information leak or primitive to read memory. As a further mitigation technique to this attack scenario, XnR (Execute-no-Read) and similar protections have been suggested, which prevent an attacker from reading executable memory. This paper shows that BROP (Blind Return Oriented Programming) can in certain cases be used to exploit mitigation techniques similar to XnR on Linux x86-64. We examine some important aspects of BROP and its First Principles counterpart in the context of defeating XnR, and present and discuss extensions and complications. An exploit implementation is also presented and discussed, showing that XnR by itself, without sufficiently strong ASLR, offers no protection against BROP-type reading of memory.

Software Systems With Antifragility to Downtime

IEEE Computer, Feb 1, 2019

A Game of Microservices: Automated Intrusion Response

Springer eBooks, 2018

The microservice architecture is a subtype of distributed systems that has been attracting a lot of interest both in the industry and academia. Emerging research recognizes the need for a better understanding of microservice security, and, in particular, mechanisms that enable defence-in-depth and adaptive security. With the continuously growing number of possible attacks and defenses, the choice in the optimal defense strategy becomes non-trivial as well as time critical. We propose a cost-sensitive adaptable intrusion response system for microservices, which uses a game theoretic approach to automatically respond to network attacks in real time. Furthermore, we discuss both the applicable attacks and defense responses specific to microservices.

On trends in low-level exploitation

Low-level computer exploitation and its mitigation counterpart has accumulated some noteworthy history. Presently, especially in academia, it features a plethora of mitigation techniques and also various possible modes of attack. It has seen numerous developments building upon basic methods for both sides and certain trends have emerged. This paper is primarily an overview paper, focusing especially on x86 GNU/Linux. The basic reasons inherent for allowing low-level exploitability are identified and explained to provide background knowledge. The paper furthermore describes the history, present state of the art and future developments that are topical and appear to be important in the field. Several attack and defense techniques have overlapping notions with not always obvious differences. Herein the notion of the bar being raised for both exploits and mitigation methods is examined and extrapolated upon based on the known relevant present state and history. The difference between ac...

A Game of Microservices: Automated Intrusion Response

The microservice architecture is a subtype of distributed systems that has been attracting a lot of interest both in the industry and academia. Emerging research recognizes the need for a better understanding of microservice security, and, in particular, mechanisms that enable defense-in-depth and adaptive security. With the continuously growing number of possible attacks and defenses, the choice in the optimal defense strategy becomes non-trivial as well as time critical. We propose a cost-sensitive adaptable intrusion response system for microservices, which uses a game theoretic approach to automatically respond to network attacks in real time. Furthermore, we discuss both the applicable attacks and defense responses specific to microservices.

On the Effectiveness of Non-readable Executable Memory Against BROP

With the advent of the low-level exploitation mitigation techniques W⊕X, ASLR, and stack canaries, the attacker has in most cases been forced to use ROP (Return-Oriented Programming) to enable successful arbitrary code execution. Strong, fine-grained ASLR has further raised the bar, requiring the attacker to possess an information leak or primitive to read memory. As a further mitigation technique to this attack scenario, XnR (Execute-no-Read) and similar protections have been suggested, which prevent an attacker from reading executable memory. This paper shows that BROP (Blind Return Oriented Programming) can in certain cases be used to exploit mitigation techniques similar to XnR on Linux x86-64. We examine some important aspects of BROP and its First Principles counterpart in the context of defeating XnR, and present and discuss extensions and complications. An exploit implementation is also presented and discussed, showing that XnR by itself—without sufficiently strong...

Low-Level Exploitation Mitigation by Diverse Microservices

Service-Oriented and Cloud Computing

This paper discusses a combination of isolatable microservices and software diversity as a mitigation technique against low-level exploitation; the effectiveness and benefits of such an architecture are substantiated. We argue that the core security benefit of microservices with diversity is increased control flow isolation. Additionally, a new microservices mitigation technique leveraging a security monitor service is introduced to further exploit the architectural benefits inherent to microservice architectures.

Software Systems With Antifragility to Downtime

Vendor Malware: Detection Limits and Mitigation

A brief evaluation of Intel® MPX

2015 Annual IEEE Systems Conference (SysCon) Proceedings, 2015

Brute force bypassing of ASLR on Linux

Norsk Informasjonssikkerhetskonferanse, Nov 8, 2012
