Guest Speaker: Paul Muntean
480 Dreese Labs
2015 Neil Ave, Columbus, Ohio 43210
CastSan: Efficient Detection of Polymorphic C++ Object Type Confusions with LLVM
C++ object type confusion vulnerabilities as the result of illegal object casting have been threatening systems’ security for decades. While there exist several solutions to address this type of vulnerability, none of them are sufficiently practical for adoption in production scenarios. Most competitive and recent solutions require object type tracking for checking polymorphic object casts, and all have prohibitively high runtime overhead. The main source of overhead is the need to track the object type during runtime for both polymorphic and non-polymorphic object casts. In this talk, I will present CASTSAN, a C++ object type confusion detection tool for polymorphic objects only, which scales efficiently to large and complex code bases as well as to many concurrent threads. To considerably reduce the object type cast checking overhead, we employ a new technique based on constructing the whole virtual table hierarchy during program compile time. Since CASTSAN does not rely on keeping track of the object type during runtime, the overhead is drastically reduced. Our evaluation results show that complex applications run insignificantly slower when our technique is deployed, thus making CASTSAN a real-world usage candidate. Finally, we envisage that based on our object type confusion detection technique, which relies on ordered virtual tables (vtables), even non-polymorphic object casts could be precisely handled by constructing auxiliary non-polymorphic function table hierarchies for static classes as well.
Bio: Paul Muntean received the B.Sc. degree in computer science and engineering in 2010, from Technical University of Cluj-Napoca, Romania, his M.Sc. degree in software engineering and IT security in 2012 from the Technical University of Munich, Germany, and he currently submitted his PhD thesis to the Technical University of Munich for evaluation. Nowadays, amongst other things, he is waiting for a reply from the Technical University of Munich. He is currently looking for extending his computer security knowledge both from academical and industry perspective. His research interests include computer security, software hardening, testing and debugging, hardware based computer security and crypto currency security. He enjoys attending and participating in capture the flag competitions.
Host: Z. Lin