Defence of dissertation in the field of Computer Science, MSc Hans Liljestrand
The title of the dissertation is "Hardware-assisted memory safety"
Computers today are ubiquitous. But programs are made by fallible humans and run on imperfect hardware. As a result, computers are plagued by memory vulnerabilities. Remedies exist but are often costly. To achieve widespread use, security must be effortlessly integrated into existing tools and languages. Meanwhile, new security features are being rolled out in commodity hardware but are non-trivial to use effectively. In this dissertation, I explore the utilization of such hardware features.
I focus on ARM Pointer Authentication (PA), Intel Memory Protection Extensions (MPX) and Intel Software Guard Extensions (SGX). I show how to address weaknesses in prior PA-based defences and present novel PA-based solutions for memory safety. I also explore kernel protection using MPX and present a compile-time mitigation for a branch-shadowing attack on SGX.
The presented security schemes achieve minimal performance overheads by using features in off-the-shelf hardware. Compile-time instrumentation integrates these features into existing code, without developer intervention. The dissertation thus paves the way towards widely deployable and performant security solutions for a large range of systems.
Opponent: Professor Juha Röning, University of Oulu
Custos: Professor N. Asokan, Aalto University School of Science, Department of Computer Science
Contact information: Hans Liljestrand, Department of Computer Science, +358 (0)45 323 9394
The dissertation is publicly displayed 10 days before the defence on the noticeboard of the School of Science at Konemiehentie 2, Espoo.