Stefan Nürnberger’s research while affiliated with Klinikum Saarbrücken and other places


Publications (23)


Proconda -- Protected Control Data
  • Preprint

September 2019

·

48 Reads

Marie-Therese Walter

·

David Pfaff

·

Stefan Nürnberger

·

Michael Backes

Memory corruption vulnerabilities often enable attackers to take control of a target system by overwriting control-flow relevant data (such as return addresses and function pointers), which are potentially stored in close proximity of related, typically user-controlled data on the stack. In this paper, we propose ProConDa, a general approach for protecting control-flow relevant data on the stack. ProConDa leverages hardware features to enforce a strict separation between control-flow relevant and regular data of programs written in non-memory-safe languages such as C. Contrary to related approaches, ProConDa does not rely on information hiding and is therefore not susceptible to several recent attacks specifically targeting information hiding as a foundation for memory isolation. We show that ProConDa enforcement is compatible with existing software by applying a software-based prototype to industry benchmarks on an ARM CPU running Linux.


Fig. 2: The profile for stack usage of syscalls in the Linux kernel. The total size of the kernel stack is 16KB. 90% of syscalls use less than 1,260 bytes aligned to stack base. The average stack usage is less than 1,000 bytes, and the vast majority of stack objects are allocated within the highest 1KB stack region.
Fig. 5: The cumulative distribution (CDF) of coverage achieved by exhaustive memory spraying. Its average control rate is about 90%. The controlled memory is aligned to the low address of the kernel stack; a portion (1,700 bytes on average) near the stack base cannot be controlled. 
Fig. 6: The coverage, distribution, and frequency of stack control achieved by the deterministic stack spraying technique. 
Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying
  • Conference Paper
  • Full-text available

January 2017

·

501 Reads

·

40 Citations

·

Marie-Therese Walter

·

David Pfaff

·

[...]

·

Michael Backes

– vatiCAN – Vetted, Authenticated CAN Bus

August 2016

·

224 Reads

·

81 Citations

Lecture Notes in Computer Science

In recent years, several attacks have impressively demonstrated that the software running on embedded controllers in cars can be successfully exploited – often even remotely. The fact that components that were hitherto purely mechanical, such as connections to the brakes, throttle, and steering wheel, have been computerized makes digital exploits life-threatening. Because of the interconnectedness of sensors, controllers and actuators, any compromised controller can impersonate any other controller by mimicking its control messages, thus effectively depriving the driver of his control. The fact that carmakers develop vehicles in evolutionary steps rather than as a revolution has led us to propose a backward-compatible authentication mechanism for the widely used CAN vehicle communication bus. vatiCAN allows recipients of a message to verify its authenticity via HMACs, while not changing CAN messages for legacy, non-critical components. In addition, vatiCAN detects and prevents attempts to spoof identifiers of critical components. We implemented a vatiCAN prototype and show that it incurs a CAN message latency of less than 4 ms, while giving strong guarantees against non-authentic messages.


Autonome Systeme: Autonome Probleme

August 2016

·

80 Reads

·

2 Citations

Datenschutz und Datensicherheit - DuD

Autonomous systems and the Internet of Things are increasingly entering our lives. Self-learning and self-adapting systems undoubtedly improve quality of life; however, the open technical, ethical and security-related challenges associated with them are neglected in public discussion.


RamCrypt: Kernel-based Address Space Encryption for User-mode Processes

May 2016

·

407 Reads

·

28 Citations

We present RamCrypt, a solution that allows unmodified Linux processes to transparently work on encrypted data. RamCrypt can be deployed and enabled on a per-process basis without recompiling user-mode applications. In every enabled process, data is only stored in cleartext for the moment it is processed, and otherwise stays encrypted in RAM. In particular, the required encryption keys do not reside in RAM, but are stored in CPU registers only. Hence, RamCrypt effectively thwarts memory disclosure attacks, which grant unauthorized access to process memory, as well as physical attacks such as cold boot and DMA attacks. In its default configuration, RamCrypt exposes only up to 4 memory pages in cleartext at the same time. For the nginx web server serving encrypted HTTPS pages under heavy load, the necessary TLS secret key is hidden for 97% of its time.


Fig. 4: The workflow of re-randomization.
Fig. 6: ASLR bypassing (clone-probing) attack against Nginx web server with stack reading of Hacking Blind. 
How to Make ASLR Win the Clone Wars: Runtime Re-Randomization

February 2016

·

1,497 Reads

·

80 Citations

Existing techniques for memory randomization such as the widely explored Address Space Layout Randomization (ASLR) perform a single, per-process randomization that is applied before or at the process' load-time. The efficacy of such upfront randomizations crucially relies on the assumption that an attacker has only one chance to guess the randomized address, and that this attack succeeds only with a very low probability. Recent research results have shown that this assumption is not valid in many scenarios, e.g., daemon servers fork child processes that inherit the state – and if applicable: the randomization – of their parents, and thereby create clones with the same memory layout. This enables the so-called clone-probing attacks where an adversary repeatedly probes different clones in order to increase its knowledge about their shared memory layout. In this paper, we propose RUNTIMEASLR – the first approach that prevents clone-probing attacks without altering the intended semantics of child process forking. The paper makes the following three contributions. First, we propose a semantics-preserving and runtime-based approach for preventing clone-probing attacks by re-randomizing the address space of every child after fork() at runtime while keeping the parent's state. We achieve this by devising a novel, automated pointer tracking policy generation process that has to be run just once, followed by a pointer tracking mechanism that is only applied to the parent process. Second, we propose a systematic and holistic pointer tracking mechanism that correctly identifies pointers inside memory space. This mechanism constitutes the central technical building block of our approach. Third, we provide an open-source implementation of our approach based on Intel's Pin on an x86-64 Linux platform, which supports COTS server binaries directly. We have also evaluated our system on Nginx web server.
The results show that RUNTIMEASLR identifies all pointers and effectively prevents clone-probing attacks. Although it takes a longer time for RUNTIMEASLR to start the server program (e.g., 35 seconds for Nginx), RUNTIMEASLR imposes no run-time performance overhead to the worker processes that provide actual services.


Nearly Optimal Verifiable Data Streaming

February 2016

·

17 Reads

·

33 Citations

Lecture Notes in Computer Science

The problem of verifiable data streaming (VDS) considers the setting in which a client outsources a large dataset to an untrusted server and the integrity of this dataset is publicly verifiable. A special property of VDS is that the client can append additional elements to the dataset without changing the public verification key. Furthermore, the client may also update elements in the dataset. All previous VDS constructions follow a hash-tree-based approach, but either have an upper bound on the size of the database or are only provably secure in the random oracle model. In this work, we give the first unbounded VDS constructions in the standard model. We give two constructions with different trade-offs. The first scheme follows the line of hash-tree-constructions and is based on a new cryptographic primitive called Chameleon Vector Commitment (CVC), that may be of independent interest. A CVC is a trapdoor commitment scheme to a vector of messages where both commitments and openings have constant size. Due to the tree-based approach, integrity proofs are logarithmic in the size of the dataset. The second scheme achieves constant size proofs by combining a signature scheme with cryptographic accumulators, but requires computational costs on the server-side linear in the number of update-operations.


Diamond Rings: Acknowledged Event Propagation in Many-Core Processors

August 2015

·

7 Reads

·

2 Citations

Lecture Notes in Computer Science

Hardware and software consistency protocols rely on global observability of consistency events. Acknowledged broadcast is an obvious choice to propagate these events. This paper presents a generalized ring topology for parallel event propagation with acknowledged delivery. Implementations for various many-core architectures show increased performance over conventional approaches. Therefore, diamond rings are a prime candidate for implementations of distributed memory models.


You Can Run but You Can't Read: Preventing Disclosure Exploits in Executable Code

November 2014

·

121 Reads

·

108 Citations

Code reuse attacks allow an adversary to impose malicious behavior on an otherwise benign program. To mitigate such attacks, a common approach is to disguise the address or content of code snippets by means of randomization or rewriting, leaving the adversary with no choice but guessing. However, disclosure attacks allow an adversary to scan a process, even remotely, and enable her to read executable memory on-the-fly, thereby allowing the just-in-time assembly of exploits on the target site. In this paper, we propose an approach that fundamentally thwarts the root cause of memory disclosure exploits by preventing the inadvertent reading of code while the code itself can still be executed. We introduce a new primitive we call Execute-no-Read (XnR) which ensures that code can still be executed by the processor, but at the same time code cannot be read as data. This ultimately forfeits the self-disassembly which is necessary for just-in-time code reuse attacks (JIT-ROP) to work. To the best of our knowledge, XnR is the first approach to prevent memory disclosure attacks of executable code and JIT-ROP attacks in general. Despite the lack of hardware support for XnR in contemporary Intel x86 and ARM processors, our software emulations for Linux and Windows have a run-time overhead of only 2.2% and 3.4%, respectively.


Shared Memory in the Many-Core Age

August 2014

·

14 Reads

·

2 Citations

Lecture Notes in Computer Science

With the evolution toward fast networks of many-core processors, the design assumptions at the basis of software-level distributed shared memory (DSM) systems change considerably. But efficient DSMs are needed because they can significantly simplify the implementation of complex distributed algorithms. This paper discusses implications of the many-core evolution and derives a set of reusable elementary operations for future software DSMs. These elementary operations will help in exploring and evaluating new memory models and consistency protocols.


Citations (19)


... This may inadvertently result in information disclosure, ranging from leaked pointer values [12] to the exposure of sensitive cryptographic keys [73]. Leaked pointer values can be exploited by attackers to bypass address space layout randomization (ASLR) [12], while the use of uninitialized variables can allow arbitrary code execution attacks [47]. Following recent surveys, use-before-initialized conditions account for a sizable 10% of memory-safety vulnerabilities in the wild [7], [35], [75]. ...

Reference:

Mon CHÈRI <3 Adapting Capability Hardware Enhanced RISC with Conditional Capabilities
Unleashing Use-Before-Initialization Vulnerabilities in the Linux Kernel Using Targeted Stack Spraying

... We also introduce a formal security model and provide detailed security proofs of this scheme. • We provide analyses and conduct experimental evaluations compared with other existing schemes [10][11][12][13], the theoretical analysis and experimental results demonstrate that our scheme performs efficiently in storage and Update while retaining competitive results in Append and Verify. ...

Nearly Optimal Verifiable Data Streaming
  • Citing Chapter
  • February 2016

Lecture Notes in Computer Science

... The paper [16] sheds light on distributed shared-memory (DSM) systems in the many-core era and discusses possibilities for elementary operations to support DSM in an efficient and portable way. I contributed, as a co-author, to the parts on Invasive Computing and related work. ...

Shared Memory in the Many-Core Age
  • Citing Conference Paper
  • August 2014

Lecture Notes in Computer Science

... This often results in considerable transmission delays and significant memory and computational overhead, which resource-constrained systems cannot support. To address these limitations, many researchers have turned to MACs, particularly HMACs [60], [61], [62], [63], [64], [65], [66], [67], [68], [69], [70]. Hash functions are less computation-intensive than asymmetric cryptographic algorithms and can be efficiently implemented even on devices with limited resources. ...

– vatiCAN – Vetted, Authenticated CAN Bus
  • Citing Conference Paper
  • August 2016

Lecture Notes in Computer Science

... AI systems can be assigned tasks that originally required human actors with their cognitive, emotional and communicative abilities [28]. In these systems, data, algorithms and models often interact in a way that is hard to follow and cannot be traced back to corresponding human approaches and explanatory patterns [29]. As a result, the systems are able to make diagnoses or recommend therapy options, which can give them great clinical benefit. ...

Autonome Systeme: Autonome Probleme

Datenschutz und Datensicherheit - DuD

... Additionally, a swap area descriptor maintains pertinent operational details, including slot states and usage status [25] [3,[714][715][716][717][718]. Whereas there are multiple techniques to encrypt the main memory during runtime [12,13], the possibilities to encrypt swap memory are limited because of various constraints like re-initialisation on reboot and suspend-to-disk. [24] presents Cryptkeeper, which provides swap encryption as a side-effect. ...

RamCrypt: Kernel-based Address Space Encryption for User-mode Processes
  • Citing Conference Paper
  • May 2016

... For example, LAEG [23] can efficiently recover base addresses from uninitialized buffers and use them to construct an exploit that is resilient to ASLR. In addition, the Clone-ROP [24] can also get the addresses through process cloning. To solve the clone problem, researchers perform periodic or real-time ASLR and AntiRead Method [25]. ...

How to Make ASLR Win the Clone Wars: Runtime Re-Randomization

... The secret key concepts were put forth and applied to virtual machines on the foundation of a special client-controlled CaaS architecture for cloud computing (Bleikertz et al., 2013). The management and storage of cloud customers' keys as well as all cryptographic operations are segregated inside a secure crypto domain called DomC, which is tightly tied to the workloads of clients, according to these researchers, who focused on the usage of physical hardware security modules. ...

Client-Controlled Cryptography-as-a-Service in the Cloud
  • Citing Conference Paper
  • June 2013

Lecture Notes in Computer Science