Beyond “Zero Trust:” Selective High Assurance for Commodity Software Systems

Speaker: Prof. Virgil D. Gligor
Affiliation: Carnegie Mellon University (CMU)
Date: 25th September, Monday

We review the basic notions of trust, trust minimization, zero trust, and trust establishment. We show that zero trust is impossible in any enterprise network and has meaning only as an unreachable limit of trust establishment. We present the key characteristics of zero-trust architectures (ZTAs) and show that they have low breach-prevention value, as they cannot address common attacks, much less advanced ones. Furthermore, evidence shows that their goal of limiting the effects of security breaches (i.e., “lateral” adversary movement) is often not achieved. Nevertheless, mature ZTAs assure backward software compatibility and reduce breach-recovery costs, but not as much as AI/ML methods and tools do.

In view of these observations, we ask how to demonstrably increase breach-prevention value and further decrease expected breach-recovery costs for rational defenders (e.g., enterprises) that have already employed ZTAs and advanced AI/ML tools. We introduce the notion of selective high assurance for commodity software [1] and show that it is economically justified for producers and necessary for rational defenders. We address the challenge of finding a lower bound on the economic value of selective high assurance independent of the defenders’ risk preferences; i.e., a value that depends only on the commodity software itself and the attacks it withstands. We present an approach to determine such a value and illustrate it for SCION, a networking software system with provable security properties.

Virgil D. Gligor is a Professor at Carnegie Mellon University. His research interests have ranged from access control mechanisms, penetration analysis, and denial-of-service protection to cryptographic protocols and applied cryptography. He was an associate editor of several ACM and IEEE journals and the editor-in-chief of the IEEE Transactions on Dependable and Secure Computing. He received the 2006 National Information Systems Security Award, jointly given by NIST and NSA, the 2011 Outstanding Innovation Award of ACM SIGSAC, and the 2013 Technical Achievement Award of the IEEE Computer Society. He was inducted into the National Cyber Security Hall of Fame in 2019.

Engineering Privacy Beyond the Paper

Speaker: Dr. Carmela Troncoso
Affiliation: École Polytechnique Fédérale de Lausanne (EPFL)
Date: 26th September, Tuesday

In recent years, we keep hearing that every digital system has to be designed with “Privacy by Design”. It is easy to agree with this idea, but in practice, what does it mean? In this talk, we will discuss different interpretations of this philosophy that allow us to approach the problem from a technical point of view. We will see, through examples, how it is possible to combine technologies designed to enhance privacy (Privacy Enhancing Technologies) into systems that allow complex functionalities without the need to collect and process data. We will end the talk by discussing challenges that arise when applying this design methodology and that may prevent the widespread deployment of these technologies.

Carmela Troncoso is an Associate Professor at EPFL (Switzerland), where she heads the SPRING Lab. Her work focuses on analyzing, building, and deploying secure and privacy-preserving systems. Troncoso holds a Ph.D. in engineering from KU Leuven. Her thesis, Design and Analysis Methods for Privacy Technologies, received the European Research Consortium for Informatics and Mathematics Security and Trust Management Best Ph.D. Thesis Award, and her work on privacy engineering received the CNIL-INRIA Privacy Protection Award in 2017. She was named to Fortune's 40 Under 40 in technology in 2020.

What’s up with All the Fuzz?

Speaker: Dr. Mathias Payer
Affiliation: École Polytechnique Fédérale de Lausanne (EPFL)
Date: 27th September, Wednesday

Software is full of bugs. Some of these bugs are exploitable. The only way to safely protect systems against compromise is to find and fix vulnerabilities before attackers do. Automated fuzz testing has emerged as the de facto standard for finding bugs. Fuzz testing is simple, effective, and can be automated as part of the development toolchain: the fuzzer repeatedly runs the target program with randomly created inputs, looking for crashes. After briefly introducing the key idea behind modern fuzz testing, we will dive into why and how fuzz testing became such a hot topic. All-purpose fuzzing has seen a plethora of improvements across all dimensions, such as input generation, scheduling of executions, and feedback from the execution. To highlight some ongoing challenges, we look at fuzzing niches such as targeting browsers, hypervisors, or embedded systems.
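The key idea in the abstract above, in working code: an added example (not from the talk or the HexHive project) of a minimal coverage-guided fuzzer run against a constructed toy parser that trusts its own length field. Hand-written branch ids stand in for the coverage probes a compiler-instrumented build would report, and the same loop with feedback switched off shows why "feedback from the execution" matters: blind mutation of the seed never reaches the buggy code path within the same budget.

```python
import random

def parse_record(data: bytes, cov: set) -> int:
    """Constructed target: a tiny record parser whose length byte is trusted.
    Every branch taken adds an id to `cov` (hand-written coverage probes)."""
    if len(data) < 4 or data[0:1] != b"F":
        return -1
    cov.add("magic1")
    if data[1:2] != b"Z":
        return -1
    cov.add("magic2")
    if data[2:3] != b"Z":
        return -1
    cov.add("header_ok")
    n = data[3]                    # length field taken straight from the input
    payload = data[4:4 + n]
    return payload[n - 1]          # bug: n is never checked against len(payload)

def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply 1-3 stacked mutations: bit flip, byte overwrite, insert, delete."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(4)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 2:
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
        elif op == 3 and len(buf) > 1:
            del buf[rng.randrange(len(buf))]
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int, guided: bool, rng_seed: int = 1):
    """Return (crashing_input, exception_name, iterations_used) or None.
    guided=True keeps each input that reaches a new branch as a future parent."""
    rng = random.Random(rng_seed)
    corpus, seen = [seed], set()
    target(seed, seen)
    for i in range(1, iterations + 1):
        child = mutate(rng.choice(corpus), rng)   # scheduling: pick a parent, mutate
        cov = set()
        try:
            target(child, cov)
        except Exception as exc:   # the crash (an ASan report for a native target)
            return child, type(exc).__name__, i
        if guided and cov - seen:  # feedback: new coverage, so keep this input
            seen |= cov
            corpus.append(child)
    return None
```

With feedback on, the fuzzer typically needs on the order of ten thousand executions to walk from the seed `b"hello"` through the three magic-byte checks and hit the out-of-bounds read; with feedback off it exhausts the budget without ever passing the first check.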

Mathias Payer is a security researcher and associate professor at EPFL, leading the HexHive group. His research focuses on protecting applications in the presence of vulnerabilities, particularly memory corruption and type violations. He is interested in software security, system security, binary exploitation, effective mitigations, fault isolation/privilege separation, strong sanitization, and software testing (fuzzing) using a combination of binary analysis and compiler-based techniques. He was awarded both the ERC Starting Grant and the SNSF Eccellenza to foster research in software security (each of which is comparable to the NSF CAREER).

[1] Joint work with Adrian Perrig and David Basin.