Agenda

Speaker: Frank Piessens, Katholieke Universiteit Leuven, Belgium

Abstract:
Software is one of the main weak links in the security of our ICT infrastructure. For many high-profile attacks, the exploitation of software vulnerabilities is a key ingredient of the attack. The first part of this presentation will survey some of the attacker models under which one can study the security of software, and will discuss how the most recent attack techniques rely on specific hardware features. Hence, the question of how to design hardware to support software security is a practically relevant and challenging research question. Both industry and academia are re-considering how hardware can assist in guaranteeing the security of software-based systems. The second part of the talk will zoom in on one class of such new hardware designs: capability-based processors. The study of capability based protection mechanisms is decades old, but has seen a significant revival over the past years. A representative recent design is the Cambridge CHERI processor. The talk will give an informal overview of our ongoing investigation of the formal security properties of compilers and system software for such capability based processors.                                          

 Bio Sketch
 Frank Piessens is a full professor in the Department of Computer Science at the Katholieke Universiteit Leuven, Belgium. His research field is software security, where he focuses on the development of high-assurance techniques to deal with implementation-level software vulnerabilities and bugs, including techniques such as software verification, run-time onitoring, hardware security architectures, type systems and programming language design. He studies the theory behind these techniques as well as their application in many types of software systems, including web applications, embedded software, and mobile applications. He has published over 200 scientific papers on these topics. Frank has served on the program committee of numerous security and software conferences including ACM CCS, Usenix Security, IEEE Security & Privacy, and ACM POPL. He acted as rogram chair for the International symposium on Engineering Secure Software and Systems (ESSOS 2014 & 2015), for the International Conference on Principles of Security and Trust (POST 2016) and for the IEEE European Symposium on Security & Privacy (Euro S&P 2018 & 2019).