Defending Software Systems from Cyber Attack Campaigns
Presented by R. Sekar
The DNC hack of 2016, the Equifax breach of 2017, and the spate of ransomware campaigns in 2019 demonstrate the formidable challenges we face in securing our network and software systems against highly stealthy and sophisticated adversaries. In this talk, I will describe two avenues of research we have been pursuing to help tilt the table against such powerful adversaries. The first is software hardening techniques that make software vulnerabilities harder to exploit. To maximize their applicability and ease of use, our techniques are implemented in compilers, or they directly transform binary code. I will outline some of the exciting new developments we have had in this area over the years, including randomization, memory safety, information-flow tracking, control-flow integrity, and code-pointer integrity. We complement this first line of defense with techniques for analyzing and understanding attack campaigns that manage to slip past all deployed defenses. Our techniques can sift through logs consisting of hundreds of millions of events to zoom in on attack activity that may span just a few hundred events. I will describe our experience in mapping out several DARPA-sponsored red team attack campaigns.