Stony Brook, NY – October, 2013
At the 22nd USENIX Security Symposium in Washington, D.C, Prof. R.Sekar and Stony Brook University (SBU) Computer Science student, Mingwei Zhang, received the best paper award for their presentation, Control Flow Integrity for COTS Binaries.
Sekar and Zhang’s research focuses on Control-Flow Integrity (CFI), which is widely recognized as the foundation for other low-level code defenses and an important low-level security property. Its enforcement can defeat most injected and existing code attacks, including those based on Return-Oriented Programming (ROP). Their research is the first time that CFI was applied to complex shared libraries and it demonstrated that CFI implementation is effective against control-flow hijack attacks, and eliminates the vast majority of ROP gadgets.
About the research, Dr. Sekar states, “Our successful results were due to robust techniques for disassembly, static analysis, and transformation of large binaries. To ensure performance, our technique were tested on over 300MB of binaries, including executables and shared libraries.”
Key challenges of the research included disassembly and static analysis of COTS binaries; robust static binary and modular instrumentation, and compatibility.
Receiving the Best Paper Award at USENIX Security is a tremendous honor, considering that the conference is the top venue for systems security. Within the broader area of cryptography, computer and network security, this conference is ranked among the top three in terms of impact among all conferences as well as journals. This year, the conference received 277 paper submissions and accepted only 40 of them (16%), selecting one to receive the best paper award and another as best student paper. To learn more about their research, you can view the video or download the paper here: https://www.usenix.org/conference/usenixsecurity13/technical-sessions/presentation/Zhang.
About Computer Science Department at Stony Brook University
Based on overall quality, research productivity, student support and outcomes, the Department of Computer Science at SBU is ranked among the top 20 computer science departments in the nation by the National Research Council. Poised for interdisciplinary collaboration and research recognition, it is the largest unit in SBU's College of Engineering and Applied Science. The Department boasts internationally renowned faculty who have made significant contributions in visual computing, networking, computer systems, cybersecurity, algorithms, and intelligent computing.