公式動画ピックアップ
AAPL
ADBE
ADSK
AIG
AMGN
AMZN
BABA
BAC
BL
BOX
C
CHGG
CLDR
COKE
COUP
CRM
CROX
DDOG
DELL
DIS
DOCU
DOMO
ESTC
F
FIVN
GILD
GRUB
GS
GSK
H
HD
HON
HPE
HSBC
IBM
INST
INTC
INTU
IRBT
JCOM
JNJ
JPM
LLY
LMT
M
MA
MCD
MDB
MGM
MMM
MSFT
MSI
NCR
NEM
NEWR
NFLX
NKE
NOW
NTNX
NVDA
NYT
OKTA
ORCL
PD
PG
PLAN
PS
RHT
RNG
SAP
SBUX
SHOP
SMAR
SPLK
SQ
TDOC
TEAM
TSLA
TWOU
TWTR
TXN
UA
UAL
UL
UTX
V
VEEV
VZ
WDAY
WFC
WK
WMT
WORK
YELP
ZEN
ZM
ZS
ZUO
公式動画&関連する動画 [Syscall-Flow-Integrity Protection (SFIP) at Qualcomm Security Summit]
As applications become more complex, the odds of more security vulnerabilities happening increases.
At the 2022 Qualcomm Product Security Summit, Graz University of Technology’s Claudio Canella conducted a session entitled “Enforcing Program Behavior Through Syscall Sequences and Origins,” and walked the audience through possible security countermeasures.
One such countermeasure is Control-Flow Integrity, or CFI. CFI allows you to restrict syscalls and returns to a specific location, but only within one security domain, like the user-space or the kernel, and does not protect interaction between the two.
Protecting against cross-security-domain attacks requires the Linux Secure Computing (Seccomp) feature, which limits an application's syscalls to a pre-defined set. However, Seccomp only considers individual syscalls independent of previously executed ones, which reduces its effectiveness.
Built upon Claudio Canella’s previous work on Enter Sandbox, Syscall-Flow-Integrity Protection (SFIP) addresses the limitations of Linux Seccomp by limiting the control flow across security domains like user-to-kernel transfers. SFIP is built upon three pillars: syscall sequences that model the control flow of the application, a syscall origin map that identifies valid syscall locations, and kernel enforcement that checks whether the current syscall is part of a valid sequence and originates from a valid location.
Extracting the information necessary for SFIP presents three challenges, which led to the creation of an automated extraction system called SysFlow. SysFlow allows for fully automated syscall-flow-integrity protection of large-scale applications.
SFIP sports a minimal runtime overhead of 1.8%, which makes it a worthwhile solution that increases the complexity of control-hijacking and mimicry attacks, and provides a significant attack surface reduction.
Learn more about the Qualcomm Product Security Summit and join the email list for the 2023 event: https://qct-qualcomm.secure.force.com/QCTConference/GenericTSEventHome?eventname=SecuritySummit
View presentations from the Qualcomm Product Security Summit: https://qct-qualcomm.secure.force.com/QCTConference/GenericSitePage?eventname=SecuritySummit&page=Presentations
Watch other presentations from the Qualcomm Product Security Summit: https://www.youtube.com/watch?v=geqc6xQuy_o&t=0s
Learn more about Qualcomm product security: https://www.qualcomm.com/company/product-security#announcements
288
7