Large-scale Automated Software Diversity Using Programming Language Technology to Enhance Software and System Security 24.02.2017 | 10:00 Uhr - 11:30 Uhr
Security is among the most pressing problems in computing today, with high profile breaches receiving notable media coverage and increasingly also impact in daily life. Recently, for example, hackers stole 500 million (sic!) passwords from Yahoo’s email service. After briefly talking about the current state of cyber-security, I will be analyzing the current software ecosystem and identify a fundamental flaw: the software monoculture. I will then illustrate return-oriented programming (ROP) and show how software diversity effectively mitigates this attack vector. In addtion I will cover important next steps: adaptive diversification to reduce performance impact and active defenses as a new capability.
Stefan Brunthaler, Universität Paderborn